Tag Archives: Facebook phishing

Hackers target Alodia’s fans via Facebook phishing

Fans of cosplayer and vlogger Alodia Gosiengfiao got targeted in a recent phishing scheme that harvests Facebook credentials. The hacker behind this attack got an idea after followers of Gosiengfiao started sharing their email addresses on her official Facebook Page.

Alodia initially announced on her Facebook Page a public invitation to join the online game Among Us. Her fans freely shared their email addresses on the post which also attracted hackers seeing the pool of accounts that they can phish.

Later that day, Alodia received a number of reports saying they can’t access the link sent to their email accounts. Upon further checking, the hackers are already in the move as they have sent out emails containing a malicious link.

In one of the screenshots shared by her follower, it showed the list of email addresses who received the phishing mail. It came from the Gmail account alodia[.]amongusgame[@]gmail[.]com to which Alodia denied sending. According to the social media star, her official email is alodia[@]gmail[.]com.

The Among Us phishing email asks recipients to join a Facebook Group via an embedded link. This embedded link actually redirects to a Facebook phishing page under this URL: hxxp://amongusgroupchat[.]byethost4[.]com/?id=facebook

Those who have successfully accessed the landing page specially via mobile may not have noticed the URL and have just willingly logged in using their Facebook credentials. Doing this only put their Facebook accounts in danger as the hackers behind this scheme just received their credentials on the backend.

Alodia already apologized to her followers and shared screenshots of the malicious email. Her fans, on the other hand, suggested options where she can securely gather information for any future invitations.

For those who have received the email, clicked the phishing link, and logged in with their Facebook credentials, we strongly suggest to update your passwords and enable 2FA.

As of this writing, Google already blocks the phishing URL.

Related Posts:

Facebook phishing link arrives in Messenger as friendly message

Facebook is such a huge social media platform that various hackers use it as a training ground or even as an initial step towards a more sophisticated targetted attack. In a recent report sent to us, a user received a message from a friend through Messenger. It appears to be harmless at first glance. It leverages in what we all Filipinos are prone to – returning a favor.

Drafted in Tagalog, the message reads “favor pls para lang sa points ko click m ung link tapos click m ung 500 tapos search m name ko tapos click gift. salamat”. Who would not fall for this one, right? The way the message was typed is very much the same how most of our friends (this one’s subjective though) send us a message nowadays. A lot of people would most likely click on the link that was sent along with the message.

But, here’s what makes this phishing technique even more effective.

URL Shortener

The people behind this attack used a URL shortener service that hides the exact website where users will be redirected to. Web security filtering services would’ve categorized it as clean unless they use a multilayer crawler that checks all the underlying URLs.

The domain that was used could be any other hacked domains out there. These cybercriminals would only have to invest in hacking skills rather than buying domains for this purpose. Not only that this makes their jobs easy, it also keeps them off from leaving any traces.

 

Smartphones

Since most of the people nowadays use their mobile phones to access Facebook, there’s a high chance that the victim doesn’t have an active mobile antivirus installed. Clicking on that link would lead to a page that disguises itself as a gaming site of Pool Live Tour. Following the instructions in the initial message, the victim would click on the 500 image and this would further lead to a Facebook phishing page. Note that the user is accessing it through a mobile phone. S/he might just think that his/her account just logged out automatically. Knowing that this is a phishing page, entering your credentials would only mean handing your account to the culprits.

Friendship

Friendship is probably the top reason why most of the victims of this phishing campaign fell for it. It was delivered like any other messages from our friends. And since it was a friend who sent it to us, and we’re so innocent and helpful, for that matter, we would probably give in and follow the instructions.

Security Tips Against These Types of Phishing Attacks

  1. Review your friends on Facebook. You might want to unfriend those that are no longer active or have created a new account, or even those that you barely knew. Why are they even your friends to begin with?
  2. If you suspect that your friend’s Facebook account has been hacked, contact him/her directly outside the platform. Verify if they really sent that message. If they did not, ask them to change their passwords. There’s no harm in being extra paranoid. You would be saving a lot of would-be compromised accounts. Be a hero.
  3. Install an antivirus app on your phone. This may sound cliche but it’s not like you’re going to lose if you’re going to do it, right? They’re mostly free so why not take advantage of it?
  4. Educate your friends about security. Even the basic ones will do.
  5. Report security incidents to Facebook or other security vendors that you may know of. This may help stop these cybercriminals and aid authorities to further investigate. If you wish to share your findings or reports, feel free to contact us on the Contact Us page.

Note:

All URLs featured in the screenshots were forwarded to security vendors for blocking. The hacked domain used in this phishing campaign was also contacted.

Have you received a similar message before? Let us know by leaving a comment below.

Related Posts:

Duterte Facebook spam emerges

In just a short period of time, the newly elected president of the Philippines is making a huge noise especially now that he’s targeting every single drug user and pusher in the country. With this recent move, it’s not surprising that he’s name is always on the headlines.

However, President Duterte is not only topping the headlines of various news and media outlets. Digong, as most of his supporters fondly call the president, is also a favorite of netizens making him a subject for spam-related attacks.

The latest Facebook spam that we have encountered involves Duterte. Similar to other click-bait campaigns in social media platforms, Duterte’s Facebook spam makes use of catchy photos and caption. Look at a sample screenshot below:

Duterte_Facebook_Spam_Emerges

The spam post lures Facebook users that it would show them the president’s sex video but when clicked, it would redirect them to a page where it will ask for their Facebook credentials. See the landing page below:

Duterte_Facebook_Spam

If the users went on entering their Facebook user accounts and passwords, they have just successfully offered their accounts to the culprits.

This phishing attempt that uses Duterte is just one of the many Facebook spam posts that are now emerging online. It is best to check the sites where you’re being redirected to if you have clicked on similar posts or better yet, avoid clicking such items on your news feed.

Related Posts: