Summary: Fake phishing messages have been circulating over the past few months through Facebook Messenger, tricking 10 million users, the security news site Threatpost reports. It is said that the purpose of this phishing campaign is to steal users’ credentials, and it is said that they are still active. There seems to be only one attacker who carried out the campaign, and if all of these information are true, it is estimated that the criminal would have made a lot of money. The attack was carried out through automated technology, and on its own was mediocre, security firm PIXM said.
Background: When an attacker clicks on a malicious link sent by an attacker, it leads to a legitimate page and service. Because of this, it seems that the security devices of the Facebook platform did not catch this malicious campaign. It is said that the malicious phishing page is connected after several bypass connections.
Words: “When we tracked down, the number of victims was estimated to be about 2.8 million in 2021 and 8.5 million as of 2022. This means that the number of credentials that the attackers have earned as revenue is about 10 million. Selling on the dark web can make a lot of money.” -PIXM-