Once again, Facebook ads have been misused by cybercriminals in a large-scale phishing scam to steal victims’ login credentials.
Facebook seems to find itself involved one way or another in every second phishing scam out there. In the latest, researchers from ThreatNix have discovered a phishing campaign that was being run using Facebook ads and redirecting users to Github where the actual phishing pages resided.
The users targeted span from a number of countries including Egypt, the Philippines, Pakistan, and Nepal with more than 615,000 of them being affected in totality.
Phishing scam
The phishing campaign is executed by Facebook ads posted from pages that aim to impersonate legitimate companies in order to avoid user suspicion. For example, there was an ad that was run under “Nepal Telecom’s” name and promised users 3 GB of free internet data.
When the users clicked on the attached link, a Github page (static) was opened which was in essence a Facebook login lookalike phishing page. If the user was fooled, the credentials would be sent to the attackers through a Firestore database and a domain hosted on GoDaddy.
Similar ads were found for each country with versions of the ad copy that has been localized in order to increase the conversion rate. Commenting on the technical aspect of how this evaded Facebook’s filters, the researchers state in a blog post that:
While Facebook takes measures t ..
Support the originator by clicking the read the rest link below.
