• Latest
  • Trending
Malicious Messenger chatbots used to steal Facebook accounts

Malicious Messenger chatbots used to steal Facebook accounts

June 29, 2022
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022
Fibre optic interconnection linking Cameroon and Congo now operational

Fibre optic interconnection linking Cameroon and Congo now operational

July 15, 2022
Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

July 15, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Tuesday, 28 March, 2023
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Malicious Messenger chatbots used to steal Facebook accounts

by ITECHNEWS
June 29, 2022
in Infosec, Leading Stories
0 0
0
Malicious Messenger chatbots used to steal Facebook accounts

A new phishing attack is using Facebook Messenger chatbots to impersonate the company’s support team and steal credentials used to manage Facebook pages.

Chatbots are programs that impersonate live support people and are commonly used to provide answers to simple questions or triage customer support cases before they are handed off to a live employee.

In a new campaign discovered by TrustWave, threat actors use chatbots to steal credentials for managers of Facebook pages, commonly used by companies to provide support or promote their services.

Chatbots in Facebook Messenger

The phishing attack starts with an email informing the recipient that their Facebook page has violated Community Standards, giving them 48 hours to appeal the decision, or their page will be deleted.

YOU MAY ALSO LIKE

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Data Leak Hits Thousands of NHS Workers

Phishing email sent to random targets
Phishing email sent to random targets (TrustWave)

Supposedly, the user is offered a chance to resolve the problem in Facebook’s Support center, and to access it, they’re urged to click on an “Appeal Now” button.

Clicking that button takes the victim to a Messenger conversation where a chatbot impersonates a Facebook customer support agent.

The phishing chatbot on Messenger
The phishing chatbot on Messenger (TrustWave)

The Facebook page associated with the chatbot is a standard business page with zero followers and no posts. However, if a victim checked the profile, they would see a message stating that the profile is “Very responsive to messages,” indicating that it is actively used.

Chatbot's Facebook account page
Chatbot’s Facebook account page (TrustWave)

The chatbot will send the victim an “Appeal Now” button on Messenger, which takes victims to a website disguised as a “Facebook Support Inbox,” but the URL is not part of Facebook’s domain.

Also, as TrustWave notes, the case number on that page doesn’t match the one presented by the chatbot earlier, but those details are still not likely to expose the fraud to panicked users.

The main phishing page, shown below, requests users who want to appeal the page deletion decision to enter their email address, full name, page name, and phone number.

Form requesting user data
Form requesting user data (TrustWave)

After this data is entered in the fields and the “Submit” button is pressed, a pop-up appears requesting the account password. After that, all information is sent to the threat actor’s database via a POST request.

Pop-up window requesting account password
Pop-up window requesting account password (TrustWave)

Finally, the victim is redirected to a fake 2FA page where they are urged to enter the OTP they received via SMS on the provided phone number. That page will accept anything, so it’s just there to create a false sense of legitimacy in the whole process.

Fake OTP step page
Fake OTP step page (TrustWave)

After the verification, the victims land on an actual Facebook page containing intellectual property and copyright guidelines that are supposedly relevant to the user’s violation.

Because the phishing attack is automated, the actual exploitation of the stolen credentials may come at a later phase, so the threat actors need to create this false sense of legitimacy in the victims’ minds to delay any breach remediation actions.

Threat actors increasingly use chatbots in phishing attacks to automate the stealing of credentials and to increase the volume of their operations without spending considerable resources or time.

These types of scams are harder to detect, as many sites utilize AI and chatbots as part of their support pages, making them seem normal when encountered when opening support cases.

As always, the best line of defense against phishing attacks is to analyze any URLs for pages requesting login credentials, and if the domains do not match the legitimate site’s regular URL, then do not enter any credentials on that site.

Source: Bill Toulas
Via: bleepingcomputer
Tags: Malicious Messenger chatbots used to steal Facebook accounts
ShareTweetShare
Plugin Install : Subscribe Push Notification need OneSignal plugin to be installed.

Search

No Result
View All Result

Recent News

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023

Recent News

  • Co-Creation Hub’s edtech accelerator puts $15M towards African startups February 20, 2023
  • Data Leak Hits Thousands of NHS Workers February 20, 2023
  • EU Cybersecurity Agency Warns Against Chinese APTs February 20, 2023
  • How Your Storage System Will Still Be Viable in 5 Years’ Time? February 20, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Go to mobile version