Cybersecurity firm Sophos has detailed a scam where cybercriminals are leveraging users’ instant messaging or social media passwords.
Scammers trick users to gain access to their social media accounts as part of the scam. They then leverage these passwords to carry out a chain of scams where they leverage the user’s instant messaging or social media account to trick the user’s friends and family.
Sophos explained the scam citing an example of a Facebook Messenger scam.
“A scammer with your instant messaging or social media passwords is not only a menace to you, but also to those around you, as one of our readers discovered this evening when he received a note from a friend via Facebook Messenger that said: Is it you in the video?,” explained Sophos.
The video was simply a black image that linked to a URL shortening service. The URL redirected the user to another URL that looked like a Facebook login page.
“The URL (redacted above) clearly has nothing to do with Facebook – it’s a randomly-generated server name on a boutique Hungarian web hosting platform – and, as you can see from the crossed-out padlock icon in the address bar, the site uses HTTP and not HTTPS,” explained Sophos.
“Unfortunately, putting in your username and password into the fake login page above would submit them to a server running on a low-cost web hosting service in the USA, using a vaguely legitimate-looking domain name that was registered less than a month ago,” it said.
As it turned out, the user discovered that their friend had received a similar message and had their password stolen while attempting to log into the fake Facebook page.
This scam goes even further after a user attempts to log in. After they enter their password in the fake login page, the victim experiences a short delay after which the scammers seem to pick from a range of other scams and redirect them to those scam pages randomly.
“These didn’t look as though they were being run by the same criminals, so we’re assuming the message-spamming crooks were simply hoping to collect “affiliate fees” from other criminals in the underground,” Sophos said.
“These “second redirect” scams varied from specious VPN offers to a range of those “free” phone deals where all you need to do is pay a modest delivery fee (£1.95 in the variants we saw here), thus giving the crooks a believable excuse to collect your credit card details,” it said.
The firm urged users to wary of such scams. It further advised social media users to enable two-factor authentication as well as tools such as password managers and anti-virus service for additional security.