Facebook is such a huge social media platform that various hackers use it as a training ground or even as an initial step towards a more sophisticated targetted attack. In a recent report sent to us, a user received a message from a friend through Messenger. It appears to be harmless at first glance. It leverages in what we all Filipinos are prone to – returning a favor.
Drafted in Tagalog, the message reads “favor pls para lang sa points ko click m ung link tapos click m ung 500 tapos search m name ko tapos click gift. salamat”. Who would not fall for this one, right? The way the message was typed is very much the same how most of our friends (this one’s subjective though) send us a message nowadays. A lot of people would most likely click on the link that was sent along with the message.
But, here’s what makes this phishing technique even more effective.
URL Shortener
The people behind this attack used a URL shortener service that hides the exact website where users will be redirected to. Web security filtering services would’ve categorized it as clean unless they use a multilayer crawler that checks all the underlying URLs.
The domain that was used could be any other hacked domains out there. These cybercriminals would only have to invest in hacking skills rather than buying domains for this purpose. Not only that this makes their jobs easy, it also keeps them off from leaving any traces.
Smartphones
Since most of the people nowadays use their mobile phones to access Facebook, there’s a high chance that the victim doesn’t have an active mobile antivirus installed. Clicking on that link would lead to a page that disguises itself as a gaming site of Pool Live Tour. Following the instructions in the initial message, the victim would click on the 500 image and this would further lead to a Facebook phishing page. Note that the user is accessing it through a mobile phone. S/he might just think that his/her account just logged out automatically. Knowing that this is a phishing page, entering your credentials would only mean handing your account to the culprits.
Friendship
Friendship is probably the top reason why most of the victims of this phishing campaign fell for it. It was delivered like any other messages from our friends. And since it was a friend who sent it to us, and we’re so innocent and helpful, for that matter, we would probably give in and follow the instructions.
Security Tips Against These Types of Phishing Attacks
- Review your friends on Facebook. You might want to unfriend those that are no longer active or have created a new account, or even those that you barely knew. Why are they even your friends to begin with?
- If you suspect that your friend’s Facebook account has been hacked, contact him/her directly outside the platform. Verify if they really sent that message. If they did not, ask them to change their passwords. There’s no harm in being extra paranoid. You would be saving a lot of would-be compromised accounts. Be a hero.
- Install an antivirus app on your phone. This may sound cliche but it’s not like you’re going to lose if you’re going to do it, right? They’re mostly free so why not take advantage of it?
- Educate your friends about security. Even the basic ones will do.
- Report security incidents to Facebook or other security vendors that you may know of. This may help stop these cybercriminals and aid authorities to further investigate. If you wish to share your findings or reports, feel free to contact us on the Contact Us page.
Note:
All URLs featured in the screenshots were forwarded to security vendors for blocking. The hacked domain used in this phishing campaign was also contacted.
Have you received a similar message before? Let us know by leaving a comment below.
- Phishing Email Analysis Landing Page - September 19, 2024
- BPI to hold Cybersecurity Conference to ‘Fortify Cyber-Resilience in an AI World’ - July 25, 2024
- New Smishing Campaign makes use of Globe SMS Sender ID - May 27, 2024