Thursday, March 28, 2024

Malicious Facebook Messenger Chatbots Steal Facebook Pages User’s Credentials

As part of a new phishing attack, impersonating the company’s customer support team using Facebook Messenger chatbots, attackers are trying to steal Facebook credentials for managing specific pages on the site.

The idea behind a chatbot is that it can be used as a substitute for live staff. Chatbots often perform tasks like answering simple questions to customers (or triaging their cases) before passing them along to the person in charge.

It is common practice among marketers and customer service representatives to use chatbots for marketing purposes. 

However, recently, the Trustwave Labs team has detected a very innovative way for hackers to steal the credentials of Facebook page managers. In this case, hackers are using malicious chatbots to steal the credentials of Facebook page managers.

Malicious Facebook Messenger chatbots

The phishing attack is launched by means of an email message. The email notifies the target that their Facebook page has infringed the Community Standards and their page will be taken down unless they appeal the decision within 48 hours.

Facebook users have likely heard of the social networking site cracking down on violators of its rules, so this claim may have resonance with them.

Several errors have been spotted in the message, including the following:- 

  • A mistake in capitalization was made when writing the word “Page”
  • The third sentence has a missing dot at the end

Attack flow

There has been a recent trend to use such typographical errors as indicators that a message is not genuine. In order to access the Facebook Support center, the user must click on the “Appeal Now” button shown above in order to find the page where they can implore the problem.

In order to access the Facebook customer support center, the victim needs to click on that button, which accesses a conversation with an automated chatbot on Messenger.

A standard business page with no followers and no posts is associated with the chatbot on Facebook. Victims would see the following message if they checked the profile:-

  • “Very responsive to messages” 

The above message clearly indicates that the page is actively used and quick to respond.

On the primary phishing page, users are asked to provide the following information if they wish to appeal the page deletion decision:- 

  • Email address
  • Full name
  • Page name
  • Phone number

During the completion of submitting the data and pressing the “Submit” button, a popup appears in which the account password is requested to proceed further. 

Once all the information is acquired, through a POST request all the collected data is then sent to the database that is under the control of the threat actor.

On the final point, the threat actors encourage the victim to enter the OTP that is received through SMS on a fake 2FA page. It is not a legitimate form of submission, since it accepts anything, so it merely serves to give the whole process an air of genuineness.

Once the verification is complete, the victims are directed to an actual Facebook page that contains information regarding intellectual property policy and copyright policies.

To steal credentials from organizations, cyber-threat actors are increasingly using chatbots as part of their phishing attacks. Many sites use automated chatbots and AI to improve their support pages, which makes it difficult to detect these scams.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.

Website

Latest articles

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...

ZENHAMMER – First Rowhammer Attack Impacting Zen-based AMD Platforms

Despite AMD's growing market share with Zen CPUs, Rowhammer attacks were absent due to...

Airbus to Acquire INFODAS to Strengthen its Cybersecurity Portfolio

Airbus Defence and Space plans to acquire INFODAS, a leading cybersecurity and IT solutions...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles