Chatbot Messenger used to steal Facebook passwords

Cybersecurity company SpiderLabs has discovered a new phishing campaign that uses chatbot software in Messenger.

The purpose of the campaign is to obtain people's Facebook credentials and other personal information, the researchers explained.

First, the victim receives an email, posing as Facebook, claiming that their page violates the site's community standards and will be removed within 48 hours.

The email also contains an "Appeal Now" link, which gives the victim the option to appeal the termination.

Red flags galore

Fortunately, the content of the email contains some red flags that should help users identify the message as fraudulent.

For example, there are some spelling and grammatical errors in the body of the message, and the recipient's name is listed as "Policy Issues," which is not how Facebook handles such cases.

If the victim still clicks the "Appeal Now" link, they are redirected to a Messenger chatbot, where they are prompted to click another "Appeal Now" link. This is most likely done to bypass email security services, as the link to the chatbot is not malicious per se.

Here, the researchers found more red flags: the page that owns the chatbot has an ID @case932571902, which is definitely not from Facebook. It's also empty, with no subscribers or messages.

If the victim continues, they are redirected to a website hosted on Google Firebase. This is disguised as a "support inbox" from Facebook, and this is where the victim ends up giving sensitive data to the attackers.

According to the researchers, the attackers ask for email addresses, mobile phone numbers, first and last names, page names and, of course, passwords.
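The red flags described above (a sender claiming to be Facebook from another domain, the generic "Policy Issues" recipient, the 48-hour deadline, and an "Appeal Now" link that leads to a Messenger chatbot rather than facebook.com) can be turned into a simple mail triage check. This is an added example for this page, not code from SpiderLabs; the sample message, its sender domain and its link are constructed, and treating the m.me host as a Messenger chatbot link is an assumption.

```python
import re
from urllib.parse import urlparse

# Constructed sample modelled on the lure the article describes (not a real message).
SAMPLE_EMAIL = """From: Facebook Support <support@example-facebook-notice.test>
To: Policy Issues <user@example.test>
Subject: Your page violates our community standards

Your page will be permanently removed within 48 hours unless you appeal.
Appeal Now: https://m.me/case932571902
"""

# Domains a genuine Facebook notice would be expected to use (assumption).
FACEBOOK_DOMAINS = {"facebook.com", "fb.com", "facebookmail.com"}

def is_facebook_domain(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in FACEBOOK_DOMAINS)

def phishing_indicators(raw):
    """Return the red flags from the article that a raw RFC 822-style message exhibits."""
    flags = []
    headers, _, body = raw.partition("\n\n")
    # 1. Sender display name says Facebook, but the address is not on a Facebook domain.
    m = re.search(r"^From:.*<([^>]+)>", headers, re.M)
    if m and "facebook" in m.group(0).lower():
        sender_domain = m.group(1).split("@")[-1]
        if not is_facebook_domain(sender_domain):
            flags.append("sender impersonates Facebook from non-Facebook domain")
    # 2. Generic recipient name instead of the account holder's name.
    if re.search(r"^To:\s*Policy Issues\b", headers, re.M | re.I):
        flags.append("generic recipient name 'Policy Issues'")
    # 3. Time pressure: removal deadline in hours.
    if re.search(r"within \d+ hours", body, re.I):
        flags.append("time-pressure deadline")
    # 4. Call-to-action link leaves facebook.com (here: a Messenger chatbot link).
    for url in re.findall(r"https?://\S+", body):
        host = urlparse(url).hostname or ""
        if not is_facebook_domain(host):
            flags.append(f"appeal link leads off facebook.com: {host}")
    return flags

if __name__ == "__main__":
    for flag in phishing_indicators(SAMPLE_EMAIL):
        print("RED FLAG:", flag)
```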

"Chatbots have a huge role in digital marketing and live support, so it's no surprise that cyber attackers are now abusing this feature. People don't tend to be suspicious of your content, especially if it comes from an apparently authentic source," the report said.

"The fact that the platform is being exploited by spammers impersonating it makes this campaign a perfect social engineering technique. As always, we advise everyone to remain vigilant while browsing the web and not engage with spam emails."