ADVERTISEMENT

Facebook phishing campaign that tricked nearly 450,000 users in Germany is now spreading in the UK

facebook phishing 2 featured img
Cybernews Team
Feb 15, 2021 Updated: 23 June 2022 3 min read
users by countries

Further investigation

message

A new tracking code for a new phishing campaign

facebook phishing campaign tracking code found in source code
After obtaining the identifier, we were once again able to access the threat actor’s dashboard in order to determine the scale of the campaign.
number of users affected by facebook phishing campaign by browser
number of users affected by the phishing campaign by OS
ADVERTISEMENT

New domains used for other scam campaigns

  • http://blacksar.xyz
  • http://blacksar.in
  • Http://blacksar.co
  • Http://berafle.xyz
  • Http://blacksar.date
  • Http://blacksar.me
  • Http://blacksar-dns.me
  • http://bendercrack.com

The attacker’s motives

facebook phishing campaign referral code
Screenshot of Adsleading cached website Homepage
screenshot of a chat with the scammer

Steps we’ve taken to mitigate the threat

  • We have reported the phishing campaign by giving relevant information to Facebook in order to help stop the spread of the campaign on the platform.
  • We have informed the wal.ee link shortening service and asked them to disable the short URL that redirects to the malicious Facebook phishing page. At the time of publishing, they have removed the malicious script from their website.
  • We have sent all the relevant information and evidence from our investigation to CERT United Kingdom since it is evident that the campaign primarily targets UK residents.
  • We have sent the relevant information to Dominican CERT, as some artefacts and evidence point that the campaign was launched from there.
  • We have informed the breached website that serves the malicious scripts.

How to protect yourself against phishers

  • Use unique and complex passwords for all of your online accounts. Password managers help you generate strong passwords and notify you when you reuse old passwords.
  • Use multi-factor authentication (MFA) where possible.
  • Beware of any messages sent to you, even from your Facebook contacts. Phishing attacks will usually employ some type of social engineering to lure you into clicking malicious links or downloading infected files.
  • Watch out for any suspicious activity on your Facebook or other online accounts.
ADVERTISEMENT