FACEBOOK users are being targeted by hackers in an attempt to steal their logins.

According to cyber researchers, the massive phishing campaign has successfully pinched an estimated 5 million accounts worldwide.

A phishing scam is targeting users of Facebook Messenger. Credit: Getty

The attacks continue to spread virally through Facebook Messenger on mobile devices.

It’s been around for over a year but was highlighted this week by Nick Ascoli of PIXM, an anti-phishing browser extension.

In a video for tech news website HelpNetSecurity, he explained how the scam campaign works.

Nick’s team identified a number of dodgy websites posing as Facebook’s login page.


Each website had millions of visits and aimed to trick people into plugging in their Facebook credentials.

Links to the dodgy pages are being distributed through Messenger, Nick, VP of Threat Research at PIXM, explained.

“Once the adversary has compromised the account of a Facebook user, they log in to that account – presumably automatically,” he said.

From here, they “distribute new phishing links to all of that user’s friends,” Nick added.


The attackers have even figured out a way to insert the name of the target into the link, to make it look more believable.

It’s thought that the adversaries are collecting the credentials to sell them to hackers on the dark web.

Stolen Facebook logins can open the door to lucrative accounts with banking information, as people commonly use Facebook to log in automatically to shopping websites.

But the attackers running the campaign are making money in other devious ways.

Once a victim has plugged their Facebook details into the fake website, they’re redirected to an advertising page.

The hacker could be making hundreds of dollars a month from the hits to that page generated by their attacks.

If you spot a suspected online scam message in the wild, do not click on any links or attachments sent by the attacker.

Generally speaking, if something feels off about a message or website, it’s best to proceed with extreme caution.


In the UK, you can report suspected scams to ActionFraud, the national reporting centre for fraud and cybercrime.

Their website is actionfraud.police.uk, and their phone number is 0300 123 2040.

