As phishing attacks continue to be a go-to for threat actors, one scam found that a user had stolen a million Facebook account credentials over a span of just four months. Anti-phishing company PIXM found that a fake login portal for Facebook was being used as a stand-in for the social network site’s landing page, and that users were entering their account information in an attempt to log in to the site only to have their information stolen.
“It’s impressive the amount of revenue that a threat actor can generate even without resorting to ransomware or other common forms of fraud like requesting gift cards or emergency PayPal requests,” said Chris Clements, vice president of solutions architecture at cybersecurity company Cerberus Sentinel. “With enough scale, even actions like advertising referrals that result in pennies can add up to amounts that become compelling for cybercriminals to exploit.”
The phishing tactics used to steal Facebook credentials
When PIXM took a further look into the fake landing page, it found “a reference to the actual server which is hosting the database server to collect users’ entered credentials”, which had been modified from that of the legitimate URL, and led to a series of redirects. Also within the code, PIXM discovered a link to a traffic monitoring application, which allowed the anti-phishing company to view the tracking metrics. This led to PIXM uncovering not only the traffic information from the cybercriminals page, but also a host of other fake landing pages as well.