Security News > 2022 > June > Facebook Messenger Scam Duped Millions
For months now, millions of Facebook users have been duped by the same phishing scam that cons users into handing over their account credentials.
According to a report outlining the phishing campaign, the scam is still active and continues to push victims to a fake Facebook login page where victims are enticed to submit their Facebook credentials.
Researchers believe millions of Facebook users were exposed each month by the scam.
The reason PIXM believes the massive Facebook scam is tied to a single individual is because each message links back to code "Signed" with a reference to a personal website.
"After the user has clicked," the report's authors explained, "They will be redirected to the actual phishing page. But, in terms of what lands on Facebook, it's a link generated using a legitimate service that Facebook could not outright block without blocking legitimate apps and links as well."
Even if Facebook caught on to and blocked any one of these illegitimate domains, "It was trivial to spin up a new link using the same service, with a new unique ID. We would often observe several used in a day, per service," researchers said.