Have you upgraded your Facebook Messenger yet?
Please don’t if you see an ad that asks you to update. It’s the new scam in town.
Fake Facebook Messenger Scam Aims To Steal User Data
Scammers would target Messenger users by advertising what appeared to be an upgraded version of the web messaging app, which, well, just steals your data.
To make the scam work, accomplices would first register fake accounts with names closely resembling the words “Facebook Messenger”, using the real Messenger logo as their profile photo.
These names apparently included “Facebook Massanger”. They might have come from the same people behind Cherlss & Keich and Loius Vuitton.
These accounts would then make posts promoting what’s supposedly an “upgraded” version of Facebook Messenger, claiming it would have features such as records of visitors to your profile, restoring deleted messages, and further upgrades to “Gold Messenger”.
The posts also included links users were prompted to click to download the app; they had been shortened with link shortening services to sneak past Facebook’s scam filters.
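The two signals described above, a near-miss account name such as “Facebook Massanger” and a shortened download link, can be checked together when triaging posts. The sketch below is an added example, not code from Group-IB or Facebook; the shortener list, edit threshold and sample posts are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

BRAND = "facebook messenger"  # the name the article says was imitated
# Assumed shortener list; the article does not say which services were used.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(name: str, max_edits: int = 3) -> bool:
    """True for a near miss of the brand name (close, but not identical)."""
    norm = " ".join(re.sub(r"[^a-z0-9 ]", "", name.lower()).split())
    return 0 < edit_distance(norm, BRAND) <= max_edits

def shortened_links(text: str) -> list[str]:
    """URLs in the post whose host is a known link shortener."""
    hits = []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").removeprefix("www.")
        if host in SHORTENERS:
            hits.append(url)
    return hits

def triage(posts):
    """Return (author, links) for posts that show both signals."""
    return [(p["author"], links) for p in posts
            if is_lookalike(p["author"]) and (links := shortened_links(p["text"]))]

# Constructed sample posts; example.test and the short codes are placeholders.
SAMPLE_POSTS = [
    {"author": "Facebook Massanger", "text": "Get Gold Messenger: https://bit.ly/xxxxxxx"},
    {"author": "Facebook Messenger", "text": "Release notes: https://example.test/notes"},
    {"author": "Jane Tan", "text": "Lunch photos https://tinyurl.com/yyyyyyy"},
    {"author": "Faceb00k Messenger", "text": "Profile visitors! http://www.is.gd/zzzzzzz"},
]

if __name__ == "__main__":
    for author, links in triage(SAMPLE_POSTS):
        print(f"needs review: {author!r} -> {links}")
```

An account using the exact brand name is deliberately not flagged here; telling such an account from the official one needs a verification signal outside this sketch.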
The scammers even managed to use paid advertisement features by Facebook itself to promote their fake Facebook apps. Sneak 100.
The links would then direct susceptible users to a scam site where they were prompted to key in their login data. Ta-da, scammers have access to everything on your account now.
The account data could then be used to blackmail victims by forcing them to pay to have their account restored. The compromised accounts can also be used to further the scam by posting more scam ads.
Some users were even coerced into signing up for the “upgrade”, with the scammers claiming their accounts would be permanently banned unless they registered.
They are really desperate, huh.
Past legitimate Facebook updates, including major ones such as one enabling cross-app messaging between Facebook and Instagram, were installed automatically without the need for action on users’ part. Much less clicking into shady sites.
Even if you really need to update manually, you should go to the Google Play Store (for Android users) or the App Store (for Apple users) to do your update.
Scammers Preying On User Carelessness
To date, more than 5,700 such posts have been made and detected, directing about 2,000 users to scam sites daily.
Group-IB, an international cybersecurity company, believes scammers have exploited users’ carelessness online to succeed.
According to Ilia Rozhnov, a senior official of the firm, “clicking on an attractive ad, proposal, or headline has become a natural human reflex.”
Group-IB cautions social media users never to reveal their personal data on third-party sites, and to be alert when clicking on links leading to external sites.
Mr Rozhnov also believes “it is up to brands… to set things straight… by ensuring their names are not used to trick unsuspecting customers into a scam.”
Facebook has stated it is investigating the matter, and pledges to “take immediate action to remove illegal activity as quickly as possible.”
Well, maybe they can…delete the fake Facebook ad from Facebook? #justsaying
Featured Image: Group-IB