Smishing uses phishing page hosted on a Dropbox account

Aug 27, 2014 09:03 GMT

Text messages including a link to a fake Facebook login page are currently circulating, in an attempt by cybercriminals to steal credentials for the social networking website.

The URL points to an HTML page that is hosted on a Dropbox account, where the potential victim is asked to enter the username and password for the Facebook account.

The crooks use as bait a simple message telling the recipient to remove a picture supposedly published on their timeline, followed by the malicious link.

According to Jovi Umawing from Malwarebytes, almost all the links in the fake page lead to a 404 HTTP status code, which means that the page accessed does not exist.

Attempting to log into Facebook through this page results in everything entered in the form fields being delivered to a PHP script on a remote website. An analysis of that site via VirusTotal showed that it had been used to host multiple malicious files, proving that it had served other campaigns as well.

The entire process of stealing the credentials takes place in the background, while the victim remains completely unaware of the nefarious activity. To divert attention from the scam, the crooks then redirect the victim to a picture that could be interpreted as a “‘Gotcha!’ after a successful con,” Umawing says.

The Malwarebytes researcher also noted a shortened bit.ly link, which she believes to have been used in diet scam campaigns.

It is worth noting that the SMS initiating the scam (a technique also known as “smishing”) does not come from someone known to the recipient, which suggests that the phone number has been drawn from a larger database used by cybercriminals in their activities.
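The pattern described above (a shortened or file-hosting link, a login-themed HTML page served from a host that is not the brand's own domain, and a "remove this picture" lure) can be scored by a simple SMS triage heuristic. This is an added example written for this article, not Malwarebytes' analysis or tooling; the indicator lists, the threshold and the sample messages are constructed assumptions, and the Dropbox URL uses a placeholder identifier.

```python
import re
from urllib.parse import urlparse

# Constructed sample messages, not taken from the campaign described in the article.
SAMPLE_SMS = [
    "Remove the picture posted on your timeline: https://www.dropbox.com/s/EXAMPLEID/fb-login.html?dl=0",
    "Lose weight fast! http://bit.ly/EXAMPLE",
    "Your package arrives tomorrow. Track at https://www.example-courier.com/track",
]

URL_RE = re.compile(r"https?://[^\s<>\"']+")
SHORTENERS = {"bit.ly", "goo.gl", "t.co", "tinyurl.com"}          # assumed list
FILE_HOSTS = {"dropbox.com", "dropboxusercontent.com"}            # assumed list
BRAND_WORDS = ("facebook", "fb", "login", "signin")                # assumed keywords
BRAND_DOMAIN = "facebook.com"


def _is_brand_host(host):
    """True only for the brand's own domain or a subdomain of it."""
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)


def score_sms(text):
    """Return (score, reasons) for one SMS; each independent warning sign adds one point."""
    reasons = []
    for url in URL_RE.findall(text):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        host = host[4:] if host.startswith("www.") else host
        path = parsed.path.lower()
        if host in SHORTENERS:
            reasons.append(f"shortened link: {host}")
        if host in FILE_HOSTS and path.endswith((".html", ".htm")):
            reasons.append(f"HTML page served from a file-hosting service: {host}")
        if any(w in path for w in BRAND_WORDS) and not _is_brand_host(host):
            reasons.append(f"login/brand keyword in path on a non-brand host: {host}")
    # Lure text: the message asks the recipient to remove or delete a picture.
    if re.search(r"\b(remove|delete)\b", text, re.I) and re.search(r"\b(picture|photo)\b", text, re.I):
        reasons.append("lure text: asks recipient to remove a picture")
    return len(reasons), reasons


def triage(messages, threshold=2):
    """Return (message, reasons) for messages with at least `threshold` warning signs."""
    flagged = []
    for msg in messages:
        score, reasons = score_sms(msg)
        if score >= threshold:
            flagged.append((msg, reasons))
    return flagged
```

A single shortener link alone stays below the threshold, so the diet-scam style message is logged but not flagged, while the Dropbox-hosted login page combined with the lure text is.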

Phone numbers, just like email addresses, are a coveted piece of information in cybercrime because they offer access to the potential victim.

This type of information is generally collected via scams run on social networking websites that funnel users into completing online surveys.

Victims are baited with sensational pieces of news, and in order to obtain access to the details, they are often asked to provide their phone number or email address.

Users are often unaware of the risk associated with providing these details and hand them over to unknown parties.

Another method for harvesting phone numbers is through malicious apps installed on the smartphone. Once they start running on the device, data such as the phone number, the IMEI, or the phone model are collected.

It is recommended not to reply to messages from unknown individuals, especially if they contain shortened links.