MILLIONS of Facebook users have been duped by a phishing scam that tricks victims into handing over their account details – leaving them wide open to attack.
The scam is still active on the social networking site, according to experts.
According to a report published by researchers at PIXM Security, it works by sending users to a dummy Facebook login page where they are coaxed into entering their personal details.
The researchers said that the Facebook credential-harvesting campaign has been active since September 2021 and on a scale that “has potentially impacted hundreds of millions of users”.
The company found that one cyber criminal they tracked had managed to use the scam to steal one million credentials in just four months.
Facebook owner Meta is yet to reply to our request for comment regarding the scam.
How to tell if you’ve been duped
Since the scam works by luring users into giving away their Facebook credentials via numerous phishing sites, anyone who has fallen victim to this attack will find themselves redirected to a website with ads and surveys after completing the fake log-in page.
Your Facebook account would then be used to further spread the campaign, probably via Messenger.
So your contacts will receive messages from you asking them to log in to the same dummy page you were duped by.
How to remain safe
Chartered security professional and security consultant, James Bore, told The Sun that people need to remain more vigilant than ever when using Facebook, especially after the discovery of this phishing campaign.
“While these phishing attacks may seem obvious, they can catch out even cautious or experienced users in a moment of inattention,” he warned. “There's a huge number of these scams out there because they're highly profitable for the criminals behind them.”
He says the most useful thing to do to stay safe is to develop a habit of pausing and double-checking whenever you are asked to do something unusual or new.
Common sense is the best weapon against these sorts of attacks.
Inspect the website you are on to ensure it is legit before handing over any sensitive information.
However, some of the new methods employed by threat actors are increasingly convincing, meaning even the most experienced users can fall victim to these types of attacks.
If you believe you’ve been hit by this attack, report it to Facebook through the site’s reporting channels and change your account password immediately. Also, be sure to enable two-factor authentication if you haven’t already.
The UK’s National Cyber Security Centre also recommends reporting the hack, or any similar incident, through the Action Fraud website, the UK’s national fraud and cybercrime reporting centre.