Facebook ‘fake friend’ phishing attack uncovered - here's how to spot it
Published 07/07/2016 | 08:49
A 'global' Facebook phishing scam has been uncovered, with the cyber attack spreading rapidly and initially claiming a new victim every 20 seconds, according to internet security experts.
Facebook users have been receiving rogue messages from ‘friends’ who appear to have mentioned them in posts on the social network.
Compromised devices were then used to hijack Facebook accounts and spread the infection through the victim’s own Facebook friends, Kaspersky Lab security experts say.
“Between the 24th and 27th June, thousands of unsuspecting consumers received a message from a Facebook friend saying they’d mentioned them in a comment,” explains the cybersecurity company.
“The message had in fact been initiated by attackers and unleashed a two-stage attack. The first stage downloaded a Trojan onto the user’s computer that installed, among other things, a malicious Chrome browser extension.
“This enabled the second stage, the takeover of the victim’s Facebook account when they logged back into Facebook through the compromised browser.”
The attack gave hackers the ability to change privacy settings, steal data and spread the infection through the victim’s Facebook friends, Kaspersky Lab say.
An estimated 10,000 Facebook accounts have been infected in South America, Europe, Tunisia and Israel, with the majority of incidents occurring in Brazil. It is not thought to have reached the UK.
“Two aspects of this attack stand out,” said Ido Naor, Kaspersky Lab’s Senior Security Researcher. “Firstly, the delivery of the malware was extremely efficient, reaching thousands of users in only 48 hours.
“Secondly, the response from consumers and the media was almost as fast. Their reaction raised awareness of the campaign and drove prompt action and investigation by the providers concerned.”
Social media users who believe their computer has been infected by the virus have been advised to run a malware scan or to log out of Facebook, close the browser and disconnect the network cable from their computer.
Facebook says it has now mitigated the threat and is blocking techniques used to spread malware from infected computers, according to Kaspersky Lab.