It is no secret that social media is a no-go for security and privacy advocates. With so much data collected on its users, data that is willingly shared, mind you, it is not hard to see how social media platforms can be targeted. The targeting typically comes from nefarious black hat hackers looking for a payday, either monetarily or via data that can be used in later attacks. This is the case in a recent attack campaign that went specifically after Facebook users. As reported in a post by researchers at Cyberint, a phishing campaign targeted over 400,000 Facebook users. These victims were located primarily in Israel, Norway, the United States, and Bulgaria (though many other countries had at least 1,000 confirmed victims). At the same time, as researchers note, the motivations behind the attack seem vague. For Facebook, this is another in a long line of security embarrassments to strike the social network.
According to Cyberint, the Facebook phishing campaign spread a malicious link via Facebook Messenger. Further details can be found in the following excerpt from the Cyberint team's post:
Masquerading as a link to a YouTube video sent from a contact known to the recipient, those that click on the nefarious link are, unbeknownst to them, redirected through multiple websites that first determine if the victim is using a mobile device, presumably as the attack will be less noticeable, before presenting a Facebook phishing page and, after multiple redirects, culminating in the presentation of the legitimate Google Play Store site.
Other than the theft of Facebook credentials, seemingly abused to further the reach of this campaign, the motivations or final objectives of the threat actor remain somewhat vague.
Aside from the potential for some kind of referral-fraud, assuming that the redirection chain passed the victim through websites offering affiliate schemes, it appears unusual for a phishing campaign to not culminate in the victim being returned to the targeted site.
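The excerpt above describes a chain of redirects that branches on whether the visitor is on a mobile device, shows a Facebook-branded login page on a host that is not Facebook's, and finally lands on the Google Play Store. The following is an added example, not code from Cyberint or from this article, of how a defender can triage such a link offline: it follows the chain once with a mobile and once with a desktop user-agent class, and flags user-agent cloaking, a credential form carrying a brand name on a domain that brand does not own, and a landing domain that differs from the one the link claims. The redirect graph, hostnames, page snippets and brand allowlist are all constructed for the example; a real deployment would replace the `fake_fetch` stub with an instrumented HTTP client and a proper public-suffix lookup.

```python
"""Offline redirect-chain triage for a suspected phishing link (added example).

Everything in FAKE_WEB is constructed: ".test" hosts stand in for the
attacker-controlled redirector, the lookalike login page and the affiliate
site named in the report; youtube.com and play.google.com appear only as
the legitimate endpoints the report mentions.
"""
import re
from urllib.parse import urlparse

# (url, user_agent_class) -> (next_url_or_None, html_body). The redirector forwards
# desktop visitors to the real video and mobile visitors into the phishing branch.
HREF = "https://link.example-shortener.test/yt"
PHISH_HTML = ('<html><title>Log in to Facebook</title><form action="/post">'
              '<input name="email"><input type="password" name="pass"></form></html>')
FAKE_WEB = {
    (HREF, "mobile"): ("https://track.example-redirector.test/go?id=1", ""),
    (HREF, "desktop"): ("https://track.example-redirector.test/go?id=1", ""),
    ("https://track.example-redirector.test/go?id=1", "mobile"):
        ("https://fb-login.example-phish.test/login", ""),
    ("https://track.example-redirector.test/go?id=1", "desktop"):
        ("https://www.youtube.com/watch?v=EXAMPLE", ""),
    ("https://www.youtube.com/watch?v=EXAMPLE", "desktop"): (None, "<title>YouTube</title>"),
    ("https://fb-login.example-phish.test/login", "mobile"):
        ("https://offers.example-affiliate.test/?ref=123", PHISH_HTML),
    ("https://offers.example-affiliate.test/?ref=123", "mobile"):
        ("https://play.google.com/store/apps/details?id=com.example.app", ""),
    ("https://play.google.com/store/apps/details?id=com.example.app", "mobile"):
        (None, "<title>Google Play</title>"),
    # A benign control link that resolves the same way for both device classes.
    ("https://www.youtube.com/watch?v=BENIGN", "mobile"): (None, "<title>YouTube</title>"),
    ("https://www.youtube.com/watch?v=BENIGN", "desktop"): (None, "<title>YouTube</title>"),
}

# Constructed allowlist of domains a brand legitimately serves logins from (assumption).
BRAND_DOMAINS = {"facebook": {"facebook.com", "fb.com", "messenger.com"}}
PASSWORD_FIELD = re.compile(r'<input[^>]*type=["\']?password', re.I)


def fake_fetch(url, ua_class):
    """Stub for an instrumented HTTP client; unknown URLs simply end the chain."""
    return FAKE_WEB.get((url, ua_class), (None, ""))


def registrable_domain(url):
    """Last two host labels, a simplification standing in for a public-suffix lookup."""
    host = (urlparse(url).hostname or "").lower()
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def follow_chain(start_url, ua_class, fetch=fake_fetch, max_hops=10):
    """Return the [(url, html), ...] hops seen for one user-agent class, loop-safe."""
    chain, url, seen = [], start_url, set()
    while url and url not in seen and len(chain) < max_hops:
        seen.add(url)
        next_url, html = fetch(url, ua_class)
        chain.append((url, html))
        url = next_url
    return chain


def credential_phish_brand(url, html):
    """Brand name if the page asks for a password under a brand it does not own."""
    if not PASSWORD_FIELD.search(html):
        return None
    text, domain = html.lower(), registrable_domain(url)
    for brand, legit in BRAND_DOMAINS.items():
        if brand in text and domain not in legit:
            return brand
    return None


def triage_link(href, claimed_domain, fetch=fake_fetch):
    """Walk the chain as mobile and desktop; return findings and both chains."""
    chains = {ua: follow_chain(href, ua, fetch) for ua in ("mobile", "desktop")}
    finals = {ua: registrable_domain(chain[-1][0]) for ua, chain in chains.items()}
    findings = []
    if finals["mobile"] != finals["desktop"]:
        findings.append("ua_cloaking")          # device check changes where you land
    for chain in chains.values():
        for url, html in chain:
            brand = credential_phish_brand(url, html)
            if brand:
                findings.append(f"brand_phish:{brand}@{registrable_domain(url)}")
    if any(final != claimed_domain for final in finals.values()):
        findings.append("landing_mismatch")     # link said YouTube, chain ends elsewhere
    return {"findings": findings, "chains": chains, "final_domains": finals}


if __name__ == "__main__":
    for href in (HREF, "https://www.youtube.com/watch?v=BENIGN"):
        result = triage_link(href, "youtube.com")
        print(href, "->", result["final_domains"], result["findings"])
```

The mobile/desktop comparison is the part worth keeping even when the rest is replaced: a chain that resolves differently by device class is a cheap, high-signal indicator that a link is being cloaked, and it needs no knowledge of the phishing page's content.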
This attack ties in well to a recent report from Kaspersky that explored the volatility of social media, namely the threat it poses to its users from a cybersecurity perspective. The report compiled a list of the social media platforms that experienced the most phishing incidents. Over the research period, Facebook topped the list with a staggering 4.5 million attack attempts.
Featured image: Flickr / Esther Vargas