MILLIONS of Facebook users have been duped by a phishing scam that tricks victims into handing over their account details – leaving them wide open to attack.
The scam is still active on the social networking site, according to the security researchers who uncovered it.
The researchers said that the Facebook credential-harvesting campaign has been active since September 2021 and on a scale that “has potentially impacted hundreds of millions of users”.
The research firm found that one cyber criminal it tracked had used the scam to steal one million sets of credentials in just four months.
Facebook owner Meta is yet to reply to our request for comment regarding the scam.
How to tell if you’ve been duped
The scam works by luring users into entering their Facebook credentials on one of numerous phishing sites that mimic the log-in page. Anyone who has fallen for it will typically find themselves redirected to a page of ads and surveys straight after submitting the fake log-in form.
Your Facebook account is then used to spread the campaign further, most likely via Messenger.
So your contacts will receive messages from you asking them to log in to the same dummy page you were duped by.
How to remain safe
Chartered security professional and security consultant, James Bore, told The Sun that people need to remain more vigilant than ever when using Facebook, especially after the discovery of this phishing campaign.
“While these phishing attacks may seem obvious, they can catch out even cautious or experienced users in a moment of inattention,” he warned. “There's a huge number of these scams out there because they're highly profitable for the criminals behind them.”
He recommends that the most useful habit for staying safe is to pause and double-check whenever you are asked to do something unusual or new.
Common sense is the best weapon against these sorts of attacks.
Before handing over any sensitive information, inspect the site you are on: check that the address bar shows the genuine facebook.com domain rather than a look-alike address that merely contains the word "facebook" somewhere, and prefer to reach Facebook by typing the address yourself or via the official app instead of following a link sent in a message.
However, some of the newer methods employed by threat actors are increasingly convincing, meaning even the most experienced users can fall victim to these types of attacks.
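As an added illustration of that advice (example code written for this page, not code from the article or from the researchers it cites), the script below compares the mental check most people do, "does the link say facebook.com somewhere?", with a stricter check that looks only at the real host of the link. The domain allow-list and the sample links are assumptions constructed for the demo, not real phishing addresses; the point is that a substring match waves through several of the tricks such campaigns rely on, while the host-based check does not.

```python
"""Check whether a link really points at Facebook before typing a password.

Added example, not code from the original article or from the researchers
it cites. The allow-list of domains below is an assumption chosen for the
demo; the sample URLs are constructed for illustration, not real phishing sites.
"""
from urllib.parse import urlparse

# Assumed set of genuine Facebook login domains (subdomains of these are accepted).
GENUINE_DOMAINS = ("facebook.com", "fb.com", "messenger.com")


def naive_check(url: str) -> bool:
    """The check many people do in their head: 'it says facebook.com somewhere'."""
    return "facebook.com" in url.lower()


def is_genuine_facebook_url(url: str) -> bool:
    """Strict check: https, ASCII host, and host is one of GENUINE_DOMAINS or a subdomain.

    urlparse() separates user-info ('facebook.com@evil.example'), port and query
    string from the host, so none of them can smuggle 'facebook.com' into a link
    whose real host is somewhere else.
    """
    parts = urlparse(url.strip())
    if parts.scheme.lower() != "https":
        return False  # the real login page is only served over HTTPS
    host = parts.hostname  # already lower-cased, user-info and port removed
    if not host:
        return False  # e.g. 'javascript:' or 'data:' links have no host at all
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return False  # homoglyph / IDN look-alikes such as a Cyrillic 'о' in 'facebook'
    host = host.rstrip(".")
    return any(host == d or host.endswith("." + d) for d in GENUINE_DOMAINS)


# Constructed sample links: (url, expected verdict)
SAMPLE_LINKS = [
    ("https://www.facebook.com/login.php", True),
    ("https://m.facebook.com/", True),
    ("https://facebook.com:443/", True),
    ("http://facebook.com/", False),                             # plain HTTP
    ("https://facebook.com.login-verify.example/", False),        # real host is login-verify.example
    ("https://facebook.com@evil.example/login", False),           # 'facebook.com' is user-info; host is evil.example
    ("https://evil.example/?next=https://facebook.com/", False),  # real host is evil.example
    ("https://faceboоk.com/", False),                             # Cyrillic 'о' look-alike host
    ("https://xn--faceboo-zyb.com/", False),                      # constructed punycode-style (IDN) label
    ("javascript:alert(1)", False),
]


def classify(links=SAMPLE_LINKS):
    """Return {url: (naive_verdict, strict_verdict, expected)} for every sample link."""
    return {url: (naive_check(url), is_genuine_facebook_url(url), want) for url, want in links}


def strict_matches_expected(links=SAMPLE_LINKS) -> bool:
    """True if the strict check gives the expected verdict for every sample link."""
    return all(is_genuine_facebook_url(u) == want for u, want in links)


def naive_false_positives(links=SAMPLE_LINKS):
    """Links the substring check would wave through but that do not lead to Facebook."""
    return [u for u, want in links if naive_check(u) and not want]


if __name__ == "__main__":
    for url, (naive, strict, want) in classify().items():
        status = "OK " if strict == want else "BAD"
        print(f"{status} naive={naive!s:5} strict={strict!s:5} {url}")
    print("naive check fooled by:", naive_false_positives())
```

Run it and the four links that the substring check accepts but the strict check rejects are exactly the patterns to watch for in a message: plain HTTP, a long host that starts with facebook.com, a user-info trick with an @ sign, and a genuine-looking address buried in a query string. The same logic is what a browser's address bar shows you if you read only the domain immediately before the first slash.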
If you believe you have been hit by this attack, report it through Facebook's reporting channels and change your account password immediately. While you are in the account's security settings, log out any sessions or devices you don't recognise, and enable two-factor authentication if you haven't already.
The UK's National Cyber Security Centre also recommends reporting this or any similar hack through the Action Fraud website, the UK's national fraud and cybercrime reporting centre.