Cybersecurity company SpiderLabs has discovered a new phishing campaign using chatbot software in Messenger.
The purpose of the campaign is to obtain people's Facebook credentials and other personal information, the researchers explained.
First, the victim receives an email, posing as Facebook, claiming that their page violates the site's community standards and will be removed within 48 hours.
The email also contains an "Appeal Now" link, which gives the victim the option to appeal the termination.
Red flags galore
Fortunately, the content of the email contains some red flags that should help users identify the message as fraudulent.
For example, there are some spelling and grammatical errors in the body of the message, and the recipient's name is listed as "Policy Issues," which is not how Facebook handles these cases.
If the victim still clicks the “Appeal Now” link, they are redirected to a Messenger chatbot, where they are prompted to click another “Appeal Now” link. This is most likely done to bypass email security services, as the link to the chatbot is not malicious per se.
Here, the researchers found more red flags: the page that owns the chatbot has an ID @case932571902, which is definitely not from Facebook. It's also empty, with no subscribers or messages.
If the victim continues, they are redirected to a website hosted by Google Firebase. This is disguised as a Facebook "support inbox", and this is where the victim ends up giving sensitive data to the attackers.
According to the researchers, the attackers ask for email addresses, mobile phone numbers, first and last names, page names and, of course, passwords.
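The chain described above (a "Facebook" policy-violation email, an "Appeal Now" link that hands off to a Messenger chatbot, and a Firebase-hosted credential page) lends itself to a simple mail-filter heuristic. The script below is an added example, not code from SpiderLabs or the report; the Facebook sender allowlist and the Messenger and Firebase host patterns are assumptions, and the sample email is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Minimal allowlist of domains Facebook sends from (assumption, not from the report).
FACEBOOK_DOMAINS = {"facebook.com", "facebookmail.com", "fb.com"}
# Hosts the reported chain passes through: Messenger chatbot links and
# Firebase-hosted landing pages. These suffixes are assumptions as well.
CHATBOT_DOMAINS = {"m.me", "messenger.com"}
FIREBASE_SUFFIXES = (".web.app", ".firebaseapp.com")

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def under(host, domains):
    """True if host equals, or is a subdomain of, any domain in the set."""
    return any(host == d or host.endswith("." + d) for d in domains)


def score_email(raw):
    """Return (score, reasons): one point per red flag the article lists."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    reasons = []
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    if "facebook" in display.lower() and not under(sender_domain, FACEBOOK_DOMAINS):
        reasons.append(f"claims to be Facebook but sent from {sender_domain}")
    if re.search(r"community standards", body, re.I) and re.search(r"\b48 hours\b", body, re.I):
        reasons.append("page-removal lure with a 48-hour deadline")
    if re.search(r"dear\s+policy issues", body, re.I):
        reasons.append('recipient addressed as "Policy Issues" instead of a name')
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if under(host, CHATBOT_DOMAINS):
            reasons.append(f"link hands off to a Messenger chatbot: {host}")
        elif host.endswith(FIREBASE_SUFFIXES):
            reasons.append(f"link lands on a Firebase-hosted page: {host}")
        elif not under(host, FACEBOOK_DOMAINS) and re.search(r"appeal now", body, re.I):
            reasons.append(f'"Appeal Now" link leaves Facebook for {host}')
    return len(reasons), reasons


# Constructed sample modelled on the reported lure; no real addresses or pages.
SAMPLE = """From: Facebook <notice@page-policy-team.invalid>
To: owner@example.com
Subject: Your page will be removed

Dear Policy Issues,
Your page violates our Community Standards and will be removed within 48 hours.
Appeal Now: https://m.me/examplecase
"""

if __name__ == "__main__":
    total, why = score_email(SAMPLE)
    print(total, *why, sep="\n")
```

A score of three or more on a message that names Facebook is a reasonable quarantine threshold; each reason string doubles as the analyst-facing explanation.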
"Chatbots play a huge role in digital marketing and live support, so it's no wonder cyber attackers are now abusing this feature. People don't tend to be suspicious of its content, especially if it comes from an apparently authentic source," the report says.
"The fact that spammers exploit the platform they are impersonating makes this campaign a perfect social engineering technique. As always, we encourage everyone to remain vigilant while browsing the web and not to engage with unsolicited emails."