Facebook Users Beware: Criminals Position Themselves for Holiday Attacks

Combine lockdowns with the holiday season, and you have a fertile breeding ground for hackers who would love to steal your personal information and, ultimately, your money. It’s a good idea to be a paranoid web surfer during the holiday season, but which sites are the most dangerous?

According to Kaspersky, these are the sites from which most phishing attempts are launched.

Keep in mind that WhatsApp (as well as Messenger) is owned by Facebook. One would have to assume, therefore, that Facebook would be the criminal’s platform of choice during this holiday season.

Some of the phishing attempts will be standard. They have been around for years. This doesn’t mean they can’t still be effective. In addition, some of these classic ploys to get your data have been upgraded, and some new angles that haven’t been seen before have appeared.

The Fake Video Scam

Recently, an attack has turned up that uses a video on Facebook. The video may even appear to have come from one of your friends. That’s a common approach hackers use to lower your guard. The video will have some catchy caption such as “Look what I found” or “I think you appear in this video.” (See my post on the “It’s you?” scam)

This new phishing attempt is a bit different because it leads you to a Facebook message page that looks like this.

If you decide you really want to go to this page to see this video, you will be sent to the phishing page. What’s on that page is up to the hackers. The one connected to the link above looks like this.

Notice that this phishing page assumes the victim is using an Android mobile device. This is not an accident. To be redirected at all, the victim must first have passed through pages controlled by the hacker, and the server behind those pages can see which device requested the page. Presenting the fake phishing page for the correct device makes the scam more believable.

Recently, a scam using Facebook Messenger has been getting a lot of attention because so many people are falling for it. At this stage, it seems that the scam is being used for credential harvesting and nothing more. Perhaps the perpetrators are collecting these credentials to sell to other hackers or maybe they have something more nefarious planned.

In any event, the Messenger attack proceeds much like the one previously mentioned. A known contact sends a video with a YouTube link. Here’s one that I was sent.

This one redirected me through a number of sites before landing on a YouTube advertisement for a video ad blocker. In this case, the Facebook hackers may be trying to make some extra money for themselves by directing numerous people to these intermediate sites. They get paid for generating traffic to these sites. The site owner may be legitimate, but they may have no idea that criminals are sending them potential clients, even though these clients only remain on the page for a few seconds before being redirected onto other sites. From the look of some of the sites I was redirected through, the owners probably don’t care where their traffic comes from. The fact that these scammers are using an adware program called terraclicks substantiates the idea that they are out to make money by delivering as many people to these sites as possible.
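To make the two mechanisms described above concrete (a landing page tailored to the requesting device, and monetised hops through intermediate sites), here is an added Python example that is not code from the original post: it takes constructed redirect-chain records, one per User-Agent, summarises the hops and flags when different device classes end up on different hosts. Every hostname, user agent and response body below is invented for illustration.

```python
from urllib.parse import urlparse

# Constructed sample: the same lure link as followed by an Android phone and by
# a desktop browser. Each hop is (status, requested_url, location_header, body).
CHAINS = {
    "Mozilla/5.0 (Linux; Android 11; Pixel 4)": [
        (302, "https://video-lure.example/v/123", "https://clicks.example.net/r", ""),
        (302, "https://clicks.example.net/r", "https://m-login.example.org/fb", ""),
        (200, "https://m-login.example.org/fb", None, "<form>mobile login form</form>"),
    ],
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64)": [
        (302, "https://video-lure.example/v/123", "https://clicks.example.net/r", ""),
        (302, "https://clicks.example.net/r", "https://www.youtube.com/watch?v=ad", ""),
        (200, "https://www.youtube.com/watch?v=ad", None, "<video>advertisement</video>"),
    ],
}

def device_class(user_agent):
    """Coarse device bucket, the same information a redirecting server sees."""
    ua = user_agent.lower()
    if "android" in ua:
        return "android"
    if "iphone" in ua or "ipad" in ua:
        return "ios"
    return "desktop"

def hosts(chain):
    return [urlparse(url).hostname for _, url, _, _ in chain]

def summarize(chain):
    """Hop count plus the hosts a victim passes through before landing."""
    h = hosts(chain)
    return {"hops": len(chain) - 1, "start": h[0], "landing": h[-1], "intermediates": h[1:-1]}

def suspicious(chain, max_hops=1):
    """Flag links that bounce more than max_hops times and land off the original host."""
    s = summarize(chain)
    return s["hops"] > max_hops and s["landing"] != s["start"]

def cloaking_by_device(chains):
    """Return landing host per device class and whether they differ (device-tailored content)."""
    landings = {device_class(ua): summarize(c)["landing"] for ua, c in chains.items()}
    return landings, len(set(landings.values())) > 1
```

Running `cloaking_by_device(CHAINS)` on the sample shows the Android visitor landing on a login page while the desktop visitor lands on an advertisement, which is exactly the pattern an analyst would look for when replaying a reported link.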

I eventually got this message from the person who inadvertently sent me the bogus video link.

Yes, if Facebook algorithms detect that something is not right, like your account has been compromised, you will be locked out until you prove your identity. It’s a problem that will usually result in having to reset a password. Also, it’s a good idea to opt for multifactor authentication.

According to Cyberint, these are the devices and browsers most often compromised in this scam.

The “Who’s Viewing My Profile” Scam

One of the most asked questions on the internet is: “Can I see who is visiting my Facebook page?” The answer is no. However, this doesn’t mean there aren’t criminals trying to sell you apps to do just this. Where there is a demand, there will be a supply. But will these apps work?

No. The app sellers will often say that they need access to your Facebook account to install their app. In fact, they will just steal your credentials and either take over the account, or harvest your contacts and other information you have stored on your site. In the most recent version, the victim will receive this notice.

If you decide to look at the list, you will be sent to a phishing page that asks you to sign into Facebook. After signing in, your credentials are harvested and you will be sent to Google Play where, supposedly, you can download the appropriate app.

The criminals in this scam have the ultimate goal of getting you to sign up to buy Bitcoins. To achieve this end, the victim is incrementally led to a fake Bitcoin site where they are encouraged to sign up to buy Bitcoins which they will never receive. Now, you may think that few people would be fooled by this ploy; however, they have managed to scam over 150,000 people into giving up their credentials. Once in control of the victim’s account, they could also control their contacts by posting links in their news feeds. Ultimately, they want to work their Bitcoin scam, but they know they cannot simply post a direct link to the scam page as Facebook algorithms would detect that something was wrong. Instead, they direct people to other sites which would eventually redirect them to the target page.

Other scams are also being deployed on Facebook. The so-called “Secret Sister” scam promises people who send a $10 gift to someone that they will get 36 gifts in return. The actual scam takes place when you sign up and give the scammers your personal information.

Another way you can be scammed on Facebook is through its Marketplace. Here, it is not uncommon to see surprisingly low prices for top-selling items. The fact that the prices seem too good to be true should set off an alarm, and, usually, your purchase will never arrive. Even if you do buy a legitimate product, you may be hit with a fake FedEx or UPS delivery scam which will request personal information. And since there is no morality in the land of scammers, Facebook offers them a good platform to pose as a fake charity. They will make seemingly sincere pleas for your money, but check them out before you give them gift cards or wire them cash. Sure, it might be the season for giving, but, for scammers, it’s more often than not the season for taking.
