Cybersecurity Phishing

One Million Facebook Credentials Stolen Over a 4 Month Period

Social media has become one of the primary breeding grounds for phishing scams. Between the suspect messages received from unknown accounts to the clearly fictitious posts with strange links shared by some of our distant relatives, phishers have certainly found a way to engrain themselves in the lives of the masses through social media sites. One of the worst sites for phishing scams is the one that has been around since 2004 and has over 2.9 billion active users on a monthly basis – the father of them all, Facebook. Though there were some social media sites prior to this site (Tom from MySpace says hello!), Facebook has been a powerhouse in the social media game for longer than virtually any other site with high activity today.

Phishing scams like those mentioned above are commonly seen on Facebook over other sites due to the high number of fake profiles found on them. Additionally, this is one of the most commonly used social media sites by seniors, who often find themselves as a cybercriminal’s primary target demographic. One such phishing scam targeted any and all Facebook users and resulted in a cybercriminal stealing one million account credentials from the social media giant over a four month period.

The attack was uncovered by PIXM, an anti-phishing company, who found a fake login portal being used essentially as a placeholder for Facebook’s usual landing page. The phisher was able to steal account login credentials by duping users who were attempting to login as though the page was a legitimate portal to the social media platform. Different than a breach where the account login information is stolen from a database, this attacker was able to steal the account information from the victims directly.

Upon closer look, it was found that the fake landing page had “a reference to the actual server which is hosting the database server to collect users’ entered credentials.” In addition to this, PIXM found that if the code was looked at, there was a link present that went to a traffic monitoring application in order to view traffic to the page. This discovery allowed the anti-phishing company to find other fake landing pages as well.

When logging into your social media accounts, it is important to be careful. Never enter your login credentials for a given social site through a link that was sent to you. It may look legitimate, but could be a fake landing page, as was the case for this attack. Be sure to check the URL for any site before entering any login information. When in doubt, open a new tab in your browser and navigate to the page you were trying to login to on your own. This is the best way to be sure you are logging into a legitimate site.

Image by natanaelginting for Freepik.