Huge Facebook warning as 5MILLION accounts 'stolen and breached' in major attack | The Sun
FACEBOOK users are being targeted by hackers in an attempt to steal their logins.
According to cyber researchers, the massive phishing campaign has successfully pinched an estimated 5million accounts worldwide.
The attacks continue to spread virally through Facebook Messenger on mobile devices.
It's been around for over a year but was highlighted this week by Nick Ascoli of PIXM, an anti-phishing browser extension.
In a video for tech news website HelpNetSecurity, he explained how the scam campaign works.
Nick's team identified a number of dodgy websites posing as Facebook's login page.
Read more about Facebook
Check your Facebook NOW – warning over ‘hidden logins’ stalking you
Your Facebook’s HIDDEN ‘reject folder’ is filled with people who ignored you
Each website had millions of visits and aimed to trick people into plugging in their Facebook credentials.
Links to the dodgy pages are being distributed through Messenger, Nick, VP of Threat Research at PIXM, explained.
"Once the adversary has compromised the account of a Facebook user, they log in to that account – presumably automatically," he said.
From here, they "distribute new phishing links to all of that user's friends," Nick added.
Most read in Tech
Warning for MILLIONS of WhatsApp users to change settings today – don't wait
Rare seven planet alignment starts TOMORROW – best time to watch
Amazon shows off new autonomous worker robot that's 'set to REPLACE staff'
Four HIDDEN apps on every iPhone that you've probably never seen
The attackers have even figured out a way to insert the name of the target into the link, to make it look more believable.
It's thought that the adversaries are collecting the credentials to sell them to hackers on the dark web.
Stolen Facebook logins can open the door to lucrative accounts with banking information, as people commonly use Facebook to autolog into shopping websites.
But the attackers running the campaign are making money in other devious ways.
Once a victim has plugged in their Facebook details into the fake website, they're redirected to an advertising page.
The hacker could be making hundreds of dollars a month from the hits to that page generated by their attacks.
If you spot a suspected online scam message in the wild, do not click on any links or attachments sent by the attacker.
Generally speaking, if something feels off about a message or website, it's best to proceed with extreme caution.
Read More on The Sun
Anita Alvarez’ coach dives into pool to save her life after she fainted in water
My kids’ school told us to pay £142 for a new uniform – families can’t afford it
In the UK, you can report suspected scams to ActionFraud, the national reporting centre for fraud and cybercrime.
Their website is actionfraud.police.uk, and their phone number is 0300 123 2040.
- Read all the latest Phones & Gadgets news
- Keep up-to-date on Apple stories
- Get the latest on Facebook, WhatsApp and Instagram
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
Source: Read Full Article