Summary:
- Links tricked detection software by masquerading as legitimate services.
- In just 4 months, these phishing attempts resulted in 1 million credentials being stolen.
- Authorities in Colombia have received information from PIXM Security about this phishing attack.
What Happened?
The attackers circumvented traditional phishing-detection software by making a legitimate landing page the link's first destination, then forwarding the user to a page that prompted for Facebook credentials. Links sent through Facebook Messenger were designed to look legitimate; the phishing began only once they had fooled the automated system. The landing page collected the user's Facebook credentials, which were then used to automate the spread of the attack by sending similar links to the user's friends list.
Research by PIXM found that this phishing scam grew from 2.7 million users visiting the phishing campaign sites in 2021 to 8.5 million visitors in 2022, a 315% increase. PIXM Security's research found these bad actors to be located in Colombia, which led to its findings being sent to the Colombian Police and INTERPOL.
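The difference between judging a link by its first destination and by where it finally lands can be shown with a small checker. This is an added example, not code from PIXM or from the original post; every hostname, the redirect map and the page bodies are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlparse

# Constructed sample data: placeholder hosts, not indicators from the PIXM report.
TRUSTED_HOSTS = {"apps.trusted-host.example"}        # assumed allowlisted hosting service
BRAND_HOSTS = {"facebook.com", "www.facebook.com"}   # where a Facebook login form belongs

# Constructed stand-in for the HTTP redirects a sandboxed fetcher would observe.
REDIRECTS = {
    "https://apps.trusted-host.example/view/abc": "https://hop.example.net/r?id=1",
    "https://hop.example.net/r?id=1": "https://login-check.example.org/fb",
}
# Constructed page bodies for final destinations.
PAGES = {
    "https://login-check.example.org/fb":
        '<title>Facebook - Log In</title><input name="email"><input type="password">',
    "https://www.facebook.com/login":
        '<title>Facebook</title><input type="password">',
}
SAMPLE_LINK = "https://apps.trusted-host.example/view/abc"

def resolve_chain(url, max_hops=10):
    """Follow redirects to the final URL, stopping on loops or too many hops."""
    chain = [url]
    while chain[-1] in REDIRECTS and len(chain) <= max_hops:
        nxt = REDIRECTS[chain[-1]]
        if nxt in chain:          # redirect loop
            break
        chain.append(nxt)
    return chain

def first_hop_verdict(url):
    """Weak check: trust the link if the host it points at is allowlisted."""
    return "allow" if urlparse(url).hostname in TRUSTED_HOSTS else "inspect"

def final_hop_verdict(url):
    """Stronger check: judge the page the user actually ends up on."""
    chain = resolve_chain(url)
    final = chain[-1]
    host = urlparse(final).hostname
    body = PAGES.get(final, "").lower()
    asks_password = 'type="password"' in body
    claims_brand = "facebook" in body
    # A Facebook-branded password form served from a non-Facebook host is the signal.
    if asks_password and claims_brand and host not in BRAND_HOSTS:
        return "block", chain
    return "allow", chain

if __name__ == "__main__":
    print("first hop only:", first_hop_verdict(SAMPLE_LINK))
    print("final landing :", final_hop_verdict(SAMPLE_LINK))
```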
Interested in learning more about how PIXM found out who was behind this attack? Visit their post here: https://pixmsecurity.com/blog/blog/phishing-tactics-how-a-threat-actor-stole-1m-credentials-in-4-months/