Security News

A new phishing campaign codenamed 'Ducktail' is underway, targeting professionals on LinkedIn to take over Facebook business accounts that manage advertising for the company. The threat actor reaches out to employees on LinkedIn who could have Facebook business account access, for example, people listed as working in "Digital media" and "Digital marketing" as their roles.

Amazon is suing over 10,000 administrators of Facebook groups that offer to post fake reviews on the online souk's website in exchange for products and money. Group admins charged $10 per fake review, according to CNBC. Reviewers were also lured with promises of free products in return for sham assessments of items such as car stereos or camera tripods.

Including Facebook, add parameters to the web address for tracking purposes. Mozilla introduced support for URL stripping in Firefox 102, which it launched in June 2022.

Like last time, they created an HTML email with a clickable link that itself looked like a URL, even though the actual URL it linked to was not the one that appeared in the text. This time the link you saw if you hovered over the blue text in the email really was a link to a URL hosted on the facebook.com domain.

At 19 minutes after 3 o'clock UK time today , the criminals behind this scam registered a generic and unexceptionable domain name of the form control-XXXXX.com, where XXXXX was a random-looking string of digits, looking like a sequence number or a server ID:. 28 minutes later, at 15:47 UK time, we received an email, linking to a server called facebook. We've highlighted the error message "Password incorrect", which comes up whatever you type in, followed by a repeat of the password page, which then accepts whatever you type in.

A new phishing attack is using Facebook Messenger chatbots to impersonate the company's support team and steal credentials used to manage Facebook pages. In a new campaign discovered by TrustWave, threat actors use chatbots to steal credentials for managers of Facebook pages, commonly used by companies to provide support or promote their services.

A new phishing attack is using Facebook Messenger chatbots to impersonate the company's support team and steal credentials used to manage Facebook pages. In a new campaign discovered by TrustWave, threat actors use chatbots to steal credentials for managers of Facebook pages, commonly used by companies to provide support or promote their services.

In this video for Help Net Security, Nick Ascoli, VP of Threat Research, PIXM, discusses a massive phishing campaign has successfully stolen an estimated five million Facebook accounts. The campaign continues to spread virally through Facebook Messenger on mobile devices as the primary target vector.

For months now, millions of Facebook users have been duped by the same phishing scam that cons users into handing over their account credentials. According to a report outlining the phishing campaign, the scam is still active and continues to push victims to a fake Facebook login page where victims are enticed to submit their Facebook credentials.

An ongoing phishing campaign targeting Facebook users may have already netted hundreds of millions of credentials and a claimed $59 million, and it's only getting bigger. Identified by security researchers at phishing prevention company Pixm in late 2021, the campaign has only been running since the final quarter of last year, but has already proven incredibly successful.