A recent investigation by CyberNews uncovered a large-scale phishing operation on Facebook. The campaign is dangerous and targets users' personal information. The "Is that you" phishing scam currently on Facebook has been around in multiple forms for years. The trouble starts with a "friend" sending you a message claiming to have found a video or image with you in it. The message usually appears to contain a video, and clicking it takes you through a series of websites. These websites run malicious scripts that collect your location, device type, and operating system.
After collecting this information, the chain takes you to a malicious Facebook phishing page to harvest your credentials. Depending on the type of device you are using, it can also infect the device with malware. The Facebook phishing campaign is named Tamo Trabajando, which means "we're working."
According to the report, the latest "Is that you" Facebook phishing campaign is targeting German residents. CyberNews believes that the perpetrator is from a Spanish-speaking country. The report also shows some clues that the perpetrator could be from the Dominican Republic specifically.
As of February 8th, 2021, CyberNews claims that the potential victims of this scam exceed 480,000. Of this number, over 77% are from Germany. As of now, CERT Germany, Facebook, wal.ee and the Dominican Republic’s cyber police are aware of this issue.
Further investigation reveals that the originator of this Facebook phishing campaign uses the signature "BenderCrack.com". Although this domain no longer exists, there is a Facebook page that appears to be linked to the creator of the malicious link.
According to reports, Android 10 and 9 users make up about 50% of the affected users. Also, iOS 14.3 users account for over 18%. With respect to browsers, Chrome 88 and Safari users are more affected.
Steps taken to mitigate the threat
- Facebook is aware of this threat and will probably stop the spread of the campaign on its platform.
- The wal.ee link-shortening service is also aware and should disable the short URL that redirects to the malicious Facebook phishing page. In fact, they have already taken action by expunging the malicious script from their website.
- CERT Germany is also aware because the bulk of the targets are from Germany.
How to protect yourself against phishers
- Ensure that your password is complex, unique, and not easy to guess.
- Multi-factor authentication is very important. Make sure you use it wherever it is available.
- Do not click every link sent to you. Even if the sender is a trusted friend, confirm with the friend before clicking.