ADVERTISEMENT

We uncovered a Facebook phishing campaign that tricked nearly 500,000 users in two weeks

Facebook phishing campaign featured image
Cybernews Team
Feb 9, 2021 Updated: 16 January 2026 5 min read

Close to 500,000 victims

Cybernews pro tip

Every week, thousands of social media accounts are compromised and stolen by phishers. A quality password manager will help you keep your online accounts secure.


How the phishing campaign works

The message

The “legitimate” phishing page

The website appears to be legitimate. However, a malicious XML file has been injected into its code.

How we uncovered the threat actor behind the campaign

ADVERTISEMENT
script designed to harvest credentials
After obtaining the identifier, we were able to access the threat actor’s dashboard to determine the scale of the campaign.
diagram Facebook phishing most affected os
Facebook phishing most affected browsers diagram

The motive

register

Steps we’ve taken to mitigate the threat

  • We have reported the phishing campaign with the relevant information to Facebook to help stop the spread of the campaign on the social media platform.
  • We have informed the wal.ee link shortening service to disable the short URL that redirects to the malicious Facebook phishing page. At the time of publishing they have removed the malicious script from their website.
  • We have sent all the relevant information and evidence from our investigation to CERT Germany since it is evident that the campaign primarily targets German citizens.
  • We have sent the relevant information to Dominican CERT, as some artefacts and evidence point that the campaign was launched from there.
  • We have informed the website compromised by the threat actor that it serves malicious scripts.

How to protect yourself against phishers

  • Use unique and complex passwords for all of your online accounts. Password managers help you easily create strong passwords and notify you of password reuse.
  • Use multi-factor authentication where possible.
  • Beware of any messages sent to you, even from your contacts. Phishing attacks usually employ some type of social engineering to lure users into clicking malicious links or downloading infected files.
  • Be mindful of any suspicious activity on your Facebook or other accounts.

Build your secure personal and business online presence

ADVERTISEMENT