Group-IB, a company specializing in preventing cyber attacks and investigating high-tech crimes, has warned Facebook of large-scale attacks on Facebook Messenger users in 84 countries, including Russia. This is stated in a message from the company, which was received by Izvestia on Tuesday, April 20.
Group-IB Digital Risk Protection specialists have about 1,000 fake social network profiles that were used in a fraudulent scheme. For the first time, the company recorded an attack in the summer of 2020 – cybercriminals distributed download links for a non-existent Facebook Messenger “update”.
“In April 2021, the number of fake Facebook posts offering to install the“ latest update ”of the messenger reached 5,700,” the message says.
Users were attacked, including those from Russia, Europe, Asia, the MEA region (Middle East and Africa), North and South America.
The cybercriminals used similar names in the accounts from which they distributed messages: Messanger, Meseenger, Masssengar, and loaded the official app icon as an avatar. Advertising publications talked about new functions of the messenger, including fictional ones – for example, it was proposed to download a non-existent Gold version.
The message itself contained a short link created using the services linktr.ee, bit.ly, cutt.us, cutt.ly, rb.gy. By clicking on it, users were taken to a phishing site with a fictitious login form. As a result, the victim could have lost access to his account and “leaked” his other personal data – phone number, e-mail. In the future, cybercriminals can use this data for extortion, send spam, or sell on hacker forums.
To avoid such a situation, Group-IB recommends downloading applications and updates only from official mobile application stores, trusting the verified accounts of the companies from which the advertisement is sent. It is necessary to follow short links with caution and check the domain name, log in to the messenger only on the official website and in the official application.
In early April, Group-IB announced a new way of fraudsters scamming tourists in Russia – using Telegram bots. Bots create fake pages of online services for booking hotels, renting real estate, finding fellow travelers. Some criminals open a special trading account, with the help of which the victim’s bank card details entered into the phishing form allow the scammers to completely write off all funds from the victim’s bank card.
Experts advised citizens to use only official sites or applications for correspondence with users and pay for services, not to make prepayment for services. Attackers often try to lead a potential victim to third-party resources or instant messengers, where they send a link to a phishing site.
Since the spring of last year, Group-IB has recorded an increase in fraud, including the use of brands of courier services, marketplaces, and online hotel booking services.