This Facebook Messenger phishing scam is stealing millions of passwords

Ah, Facebook Messenger. It’s where we swap memes, catch up on gossip, and reconnect with old classmates. Lurking behind that chat bubble is a new threat. It is a cleverly disguised scam by hackers aimed at both businesses and individuals on the platform.

According to Guardio Labs’ researchers, every week an overwhelming 100,000 phishing messages target Facebook users from North America all the way to Southeast Asia. If you’re running a business, take note: 7% of Facebook Business accounts have been targeted, with a concerning 0.4% falling victim by downloading the malicious payload.

 

The art of digital deception

Hackers are upping their game, using familiar faces and alarming tactics to lure you into their traps. They’re cleverly impersonating the people who run the platform and sending out “copyright violation” alerts that seem pressing.

If you run a Facebook Business, such alerts can create a moment of panic. And in that split second, you might accidentally click and download a seemingly innocent attachment.

Attachments with hidden dangers

The real danger? That seemingly ‘innocent’ attachment might not be so benign. There’s a chance it could be laced with malware. In some cases, this malware can start a domino effect, potentially sourcing further malicious content from places online where crooks store files.

It can get even sneakier. Some of these files might contain code with the capability to try and snatch cookies and login credentials from browsers and potentially sell them on the dark web.

How hackers compromise friends and contacts

The deception doesn’t stop at fake alerts. While the threat of fake profiles has always been there, the real game-changer is the hackers’ skill in taking over genuine accounts. How? It often starts with a well-crafted phishing message, possibly disguised as an attachment.

Once an unsuspecting user downloads this, it can trigger a series of events. The malware inside these files can potentially extract cookies and login credentials from browsers, giving hackers the keys to the kingdom.

Now, imagine getting a suspicious message not from a stranger but from Jane, your childhood friend, or Bob, the guy you often chat with at the local cafe. Unbeknownst to them, their accounts have been hacked, turning them into unwitting accomplices.


Why Messenger?

Simple. It’s the trust factor. We’re used to getting emails from strangers, but Messenger is where we talk to our friends. We feel safe and relaxed there.

And that’s exactly what the scammers want. They know it’s easier to trick you when you’re not suspicious, and your guard is down. That’s why Messenger is a perfect place for crooks to spread their scams.

 


Guarding yourself against Messenger phishing

Trust, but verify: While it’s nice to trust our friends and contacts, always be wary of unexpected or out-of-character messages. If someone you know sends you an unusual attachment or link or discusses topics they never have before, be skeptical.

Verify outside of Messenger: Should you receive a suspicious or unexpected copyright violation notice, message from Facebook, or any other alert – don’t panic. Reach out to the sender outside of Messenger. A quick phone call or text can help clarify whether the message is genuine.

Have strong antivirus protection on all your devices: The best way to protect yourself from having your data breached is to have antivirus protection installed on all your devices. Strong antivirus software actively running on your devices will alert you of any malware in your system, warn you against clicking on any malicious links in phishing emails, and ultimately protect you from being hacked.


Update regularly: Hackers often prey on vulnerabilities found in outdated software. Regularly updating your apps, browser, and operating system ensures you’re protected by the latest security patches.

Have strong passwords and use 2-factor authentication: Using the same password across multiple platforms will always make you more vulnerable because if one account gets hacked, they all get hacked. And 2-factor authentication is just an extra shield that will prevent a hacker from getting into your accounts. Make sure to use a password manager to keep track of all your passwords.

Act fast: At the slightest suspicion that you’ve been targeted, change your Messenger and Facebook passwords. Review your active sessions on Facebook (located in your security settings) and log out of any unfamiliar devices.

Use identity theft protection

If you run a Facebook business, there’s a good chance you could be a target of hackers who use fake alerts to trick you into downloading malware that can steal your personal information and sell it on the dark web. Identity theft protection companies can monitor personal information like your home title, Social Security Number (SSN), phone number, and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best parts of using some services is that they might include identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.


Invest in removal services

If you want to protect your online privacy and security, you might consider using a removal service that can help you delete your personal data from hundreds of sites and prevent hackers from exploiting your information.

While no service promises to remove all your data from the internet, having a removal service can be effective if you want to constantly monitor and automate the process over a longer period of time.


If you suspect you’re a victim

Secure your account: Immediately change your password to lock potential hackers out. If you’re locked out of your account, contact Facebook’s support immediately to recover it.

Inform your contacts: Alert friends and family so they’re aware and won’t be duped by messages or requests coming from your compromised account.

Scan for malware: If you’ve downloaded an attachment or clicked a link from a suspicious message, run a thorough system scan using a trusted antivirus or malware detection tool.

Monitor account activities: Keep an eye on your active sessions, messages sent, and any changes made to your account. Any unfamiliar activity should be reported and reversed.

Seek expert help: If you believe your personal information, such as financial data or other sensitive details, has been compromised, consider reaching out to cyber security professionals or services that can guide you on further recovery and protection steps.

 

Kurt’s key takeaways

As we increasingly live out our lives online, the virtual world becomes just as full of dangers as the physical one. It’s a stark reminder that the convenience of platforms like Facebook Messenger comes with its own set of challenges that we should constantly be on the lookout for.

So, next time you chat with someone online, think twice before you click or type. You never know who might be on the other end or what they might do with your data.

Have you ever received a suspicious message on Messenger or any other platform that made you think twice? How did you handle it? Let us know by commenting below.
