Facebook Messenger Phishing Attack Targets Israel, Norway & United States

Facebook Phishing Campaign

Cyberint research team investigated a suspicious Facebook Messenger message that led to the identification of an active Facebook phishing campaign.

Facebook Phishing Campaign


 Cyberint Threat Intelligence Report Provides Detailed Insights & Recommendations for Protection


Tel Aviv – 18 October 2020 – Cyberint, a leading global Digital Risk Protection provider helping clients proactively protect their businesses against cyber threats, has been monitoring a Facebook Messenger attack that started Friday, October 16, targeting almost 500,000 victims around the world.


The initial social engineering-focused lure was via Facebook Messenger from a known contact with a message saying the person in the video looked like the recipient, encouraging the first click. Once clicked, the user is redirected to a fake Facebook login page where the user enters his credentials. At that point, the attacker gains control of the Facebook account and uses it to further spread the attack to the friends of the victim.


The attack targeted mobile users as it is much harder to identify a cyberattack on a mobile device.


“It’s one of the more unusual attacks we’ve seen lately,” says Cyberint Lead Researcher Jason Hill. “The victim was never returned to the targeted site, so at this point we can only speculate it was some kind of referral fraud.”


Upon discovery of the attack, Cyberint’s Research Team immediately notified Facebook, which shut the attack down. They also informed Bit.ly and StackPath, whose servers were being abused within the redirection chain.


“The combination of 24/7/365 AI-based and HumINT capabilities ensured our team was immediately available to identify and contact our clients, while informing Facebook and the others to have them take it down,” said Yochai Corem, CEO of Cyberint. “We commend them on their fast response.”


Cyberint offers real-time monitoring of threats in the deep, dark, and open web such as phishing and malware campaigns, brute-force and credential stuffing threats, data leakage that includes personal identifiable information, and fraudulent activity.


Access the report here.


About Cyberint
Cyberint is a global Digital Risk Protection provider focusing on helping its clients proactively protect their businesses against cyber threats. As a partner to direct-to-consumer businesses worldwide, Cyberint provides organizations with a unique combination of a market-proven Digital Risk Protection Platform and expert cyber analysts. This enables establishment of an effective Cyber Threat Intelligence program while reducing organizations’ TCO. We serve more than 100 brands worldwide across industries as diverse as financial services, retail, gaming, entertainment, and media. https://cyberint.com/