• Latest
  • Trending
Massive Facebook Messenger phishing operation generates millions

Massive Facebook Messenger phishing operation generates millions

July 6, 2022
Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Thursday, 16 July, 2026
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Massive Facebook Messenger phishing operation generates millions

by ITECHNEWS
July 6, 2022
in Infosec, Leading Stories
0 0
0
Massive Facebook Messenger phishing operation generates millions

Researchers have uncovered a large-scale phishing operation that abused Facebook and Messenger to lure millions of users to phishing pages, tricking them into entering their account credentials and seeing advertisements.

The campaign operators used these stolen accounts to send further phishing messages to their friends, generating significant revenue via online advertising commissions.

YOU MAY ALSO LIKE

French Telco Orange Hit by Cyber-Attack

ATC Ghana supports Girls-In-ICT Program

According to PIXM, a New York-based AI-focused cybersecurity firm, the campaign peaked in April-May 2022 but has been active since at least September 2021.

PIXM was able to trace the threat actor and map the campaign due to one of the identified phishing pages hosting a link to a traffic monitoring app (whos.amung.us) that was publicly accessible ithout authentication.

Massive scale of abuse

While it is unknown how the campaign initially started, PIXM states victims arrived at phishing landing pages from a series of redirects originating from Facebook Messenger.

As more Facebook accounts were stolen, the threat actors used automated tools to send further phishing links to the compromised account’s friends, creating massive growth in stolen accounts.

“A user’s account would be compromised and, in a likely automated fashion, the threat actor would log in to that account and send out the link to the user’s friends via Facebook Messenger,” explains PIXM in the report.

While Facebook has protection measures to stop the dissemination of phishing URLs, the threat actors used a trick to bypass these protections.

The phishing messages used legitimate URL generation services such as litch.me, famous.co, amaze.co, and funnel-preview.com, which would be a problem to block as legitimate apps use them.

Some of the URLs used in the phishing campaign
Some of the URLs used in the phishing campaign (PIXM)

After discovering that they could gain unauthenticated access to the phishing campaign stats pages, the researchers found that in 2021, 2.7 million users had visited one of the phishing portals. This figure went up to 8.5 million in 2022, reflecting the massive growth of the campaign.

Snap from the dashboard of the analytics service
Snap from the dashboard of the exposed analytics service (PIXM)

By diving deeper, the researchers identified 405 unique usernames used as campaign identifiers, each having a separate Facebook phishing page. These phishing pages had page views ranging from only 4,000 views to some in the millions, with one as high as 6 million page views.

Sample of the identified disemination users
Sample of the identified dissemination users (PIXM)

The researchers believe that these 405 usernames represent only a fraction of the accounts used for the campaign.

After the victim enters their credentials on the phishing landing page, a new round of redirections begins, taking them to advertising pages, survey forms, etc.

One of the ads the phised users end up on
One of the ads showed to phished users (PIXM)

The threat actors receive referral revenue from these redirects, which are estimated to be millions of USD at this scale of operation.

Tracing the threat actor

PIXM found a common code snippet on all landing pages, which contained a reference to a website that has been seized and constitutes part of an investigation against a Colombian man identified as Rafael Dorado.

Website belonging to the campaign operator
Website belonging to the campaign operator

It is unclear who seized the domain and placed the notice on the site.

A reverse whois lookup revealed links to a legitimate web development company in Colombia and old sites offering Facebook “like bots” and hacking services.

PIXM shared the results of its investigation with the Colombian Police and Interpol, but as they note, the campaign is still ongoing, even though many of the identified URLs have gone offline.

Tags: Massive Facebook Messenger phishing operation generates millions
ShareTweet

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025

Recent News

  • Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa July 29, 2025
  • French Telco Orange Hit by Cyber-Attack July 29, 2025
  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version