Facebook Messenger Used to Hack Accounts and Drive Ad Revenue

The Human Element

How many times has a friend of yours posted on Facebook “My account has been hacked, don’t click on any messages from me”?

A massive phishing campaign that utilized Facebook messenger was recently uncovered. This campaign served two purposes for the attackers.

* Serve ads to victims to earn money on ad clicks.

* Compromise account credentials using phishing sites with fake log-in pages to further the phishing campaign.

Usually, the message came from someone you know who already had their account compromised. The original article is on Bleeping Computer (link below).

Massive Facebook Messenger phishing operation generates millions

Transcript

0:00

People are the weakest link in any cybersecurity plan. We’re distracted, exhausted, and often unmotivated. It’s time to change the approach used to protect our businesses, technology, identity and data. The human element has to be front and center in a war against data breaches and ransomware attacks it’s time to educate.

0:52

Welcome to the Human Element podcast. Visit our website at thehumanelement.net for more content to help you strengthen your awareness of the people problem in cybersecurity. I am Scott Gombar, owner of Washtech, a client-focused, security-minded, proactive IT service provider. Hello and welcome to episode nine, phishing through social engineering. And we’re going to use an article from Bleeping Computer again this week. I don’t usually go for the same source twice, but Bleeping Computer is a really good site. They don’t talk a lot about social engineering, but they do a little bit, and obviously, so we have two weeks in a row now of podcasts with social engineering ties on Bleeping Computer. And this article is “Massive Facebook Messenger phishing operation generates millions.” And this really shouldn’t come as a surprise to anybody who’s familiar with social engineering. Many of us get scammed on Facebook, Instagram, Twitter, and not so much on LinkedIn, but it can happen on LinkedIn and other platforms. A lot. It happens a lot. And while I have not been successfully scammed on any of those platforms, I certainly get my fair share of attempts. And how so, how does it happen? This article talks about how it happens a little bit. And it says researchers have uncovered a large-scale phishing operation that abused Facebook and Messenger, which means that you could conceivably think WhatsApp as well, and I have gotten messages on WhatsApp as well, to lure millions of users to phishing pages, tricking them into entering their account credentials and seeing advertisements. The campaign operators used these stolen accounts to send further phishing messages to their friends, generating significant revenue via online advertising commissions.
So while it’s not, you would think, okay, they’re just, you know, they’re just getting people to click on ads, and they’re making money off of that. You can, you know, sign up as an affiliate and make money off of ads. I’ve done this with AdSense in the past and I’m not currently doing it anywhere. I’ve done this with Amazon as well. Of course, my methods are a little more ethical; these are not ethical methods. So they send you a message from somebody who claims to be your friend. In reality, that account has been compromised, and chances are, as it says, you’re clicking on a link and logging in. They’re stealing your credentials, too. So now they’re going to use your account to do the same thing. So how does this happen?

