Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label "IS that you" Phishing Scam. Show all posts

Facebook :"Is that you?" 500,000 People Were Victims of this Phishing Scam

 

Facebook has often been a favorite hunting ground for cybercriminals who delight in preying on the naive members of the internet community. While addressing a very prevalent fraud known as "Is that you?" cybernews has conducted research. It's a type of video phishing scam in which the attacker delivers a link to a fictitious video in which the victim appears. When you click, the trouble begins as soon as you enter some personal information and log in. 

Researchers were recently rewarded for such diligence when they received a warning from fellow cyber investigator Aidan Raney – who originally contacted them after the original results were released – that malicious links were being sent to users. Upon further investigation, it was discovered that thousands of these phishing links had been circulated via a devious network spanning the social media platform's back channels. If left unchecked, hundreds of thousands of naive social network users might fall prey to the shady connections - the "Is That You?" scam was said to have ensnared half a million victims before researchers discovered it. 

Raney explained, "I worked out what servers did what, where code was hosted, and how I might identify additional servers." "I then used this information, as well as urlscan.io, to seek for more phishing sites with similar features to this one." 

A thorough examination of the servers linked to the phishing links revealed a page that was transmitting credentials to devsbrp. app. A banner believed to be attached to a control panel was discovered with the wording "panelfps by braunnypr" printed on it. A second search using keywords led the study team right to the panel and banner designer, whose email address and password variations were also identified  neatly turning the tables on fraudsters who prey on unwary web users' credentials. 

Cybernews accessed a website which proved to be the command and control hub for most of the phishing assaults linked to the gang, known to include at least 5 threat actors but could have plenty more, using the threat actor's personal details. This gave our brave investigators a wealth of information about the culprits of the Facebook phishing scam, including the likely country of residence  the Dominican Republic.

"We were able to distribute the user list for everyone who has signed up for this panel," the Cybernews researcher explained. "We started unearthing the identities with as many people on the list as we could using the usernames on the list, but there is still more work to be done." Researchers provided the appropriate information to the Dominican Republic's Cyber Emergency Response Team (CERT) at the time, as evidence suggested that the campaign had started there as well.

Threat Actors Targeting British Users in a Facebook Phishing Campaign

 

After targeting the German users in the ongoing Facebook phishing campaign threat actors have shifted their focus onto the British users, nearly 75% of the new victims are based in the UK. Cybernews exposed the phishing campaign on Facebook named “Is that you” after it tricked nearly 4.5 lakh users in Germany since its beginning on January 26.

It seemed like threat actors have abandoned their campaign after getting exposed but they were planning to launch their phishing campaign in another country. The new phishing campaign was launched on February 11 in the UK and since then it has targeted more than 20,000 British users. Cybernews has shared the details of their investigation regarding the ongoing phishing campaign in Germany and the UK with Facebook, CERT UK, Dominican Republic’s cyber police, and wal. ee (the URL shortener service used by the threat actor).

Threat actors are using the same legitimate third-party web statistics service to track the growth of the latest phishing campaign in the UK as they used in Germany. Their methodology of operating is also identified as it was in Germany, threat actors are sending a personal Facebook text to the unsuspected users and are claiming to have discovered a video or image with the victim featured in it. This text then directs the victim through a chain of websites that have been compromised with malicious scripts that accumulate the victim’s credentials and are infected with adware or other malware, depending on the victim’s device.

The two things which are unidentical from the previous phishing campaign in Germany are tracking code and campaign name. Cybernews managed to gain access to the threat actor’s dashboard in order to learn the scale of the campaign and it appears that over 20,000 users are trapped in the net laid by the threat actors. Due to the access to the threat actor’s dashboard, Cyber news was able to spot the devices and browsers predominantly used by the victims.

Three steps to protect yourself against phishing campaign

 1) Your passwords should be unique and complex for all the online accounts and the password manager will suggest you to generate strong passwords.

 2) Enable the multi-factor authentication option (MFA) and try to remain vigilant while using any social media platform and beware of any suspicious text sent to you even from your Facebook contact.

 3) Threat actors usually apply social engineering to tempt you to click on the malicious links or download infected files, think twice before clicking on such suspicious links and report to the cyber cell for the potential cyber fraud.