Biggest Facebook Phishing Scam – 600000+ Credentials Stolen

Big news is coming out: an agency has discovered another large-scale phishing scam, conducted through GitHub Pages, that stole more than 600000+ Facebook account credentials. The targets of this scam are mainly from Nepal, Egypt, Pakistan, the Philippines, and many other countries.

This is the second-largest scam ever, after the one in which a scammer stole more than $100 million from Google and Facebook.


It all started with a Facebook post, published in the name of Nepal Telecom, that offered 3 GB of mobile data and redirected users directly to a phishing site hosted on GitHub Pages. Before moving further, let's look at what phishing is.

What is Phishing Scam?


Phishing is a process in which an attacker, posing as a legitimate organization, reaches targets by email, text message, or ad post. It is a fraudulent attempt to obtain the victim's sensitive information, such as a username, password, credit card details, or anything else the actor needs, by presenting themselves as a trustworthy organization through electronic communication.

This entire campaign was well planned and specially designed for specific countries. In the following sections, we describe how it worked and how the attackers were able to compromise more than 60000+ accounts.

Who is affected by this Scam?

According to the agencies, more than 600000+ users have been phished, and the number is rising at a rate of 100 users per minute. More than 50 countries were affected by this scam. The total number of affected users has not yet been determined.

How did this Phishing Scam work?


The campaign started with localized Facebook posts in Nepal. They were written in Nepali and offered 3 GB of free internet data just for signing in through the link they provided. To make the posts more convincing, the attackers created and used an account in the name of the Nepal Telecom service provider.


The post created for Nepali users on Facebook carried the Nepal Telecom profile picture and looked like an original post. The targeted post varied from country to country, and similar posts were seen in other countries such as Pakistan, Egypt, and the Philippines.


All these posts redirected users to a GitHub Pages site that displayed a genuine-looking Facebook login panel. Once the credentials were entered, they were sent to a Firestore database and to the domain used by the phishing group.

Preventions or Steps Taken

Facebook took preventive measures to block these phishing ads, but the attackers used Bitly links to get around Facebook's blocking.
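A detection sketch for the chain described above (shortened link, GitHub Pages host, Facebook-branded login form, Firestore client), added here as an example and not taken from the original report. The Firestore marker strings, the redirect chain and the page HTML are constructed assumptions, and the chain is assumed to have been resolved already by a URL expander.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"bit.ly", "bitly.com"}   # the article names Bitly links
PAGES_SUFFIX = ".github.io"            # GitHub Pages hosting
BRAND = "facebook.com"                 # where a real Facebook login lives
FIRESTORE_HINTS = ("firestore", "firebase")  # assumed client-script markers

class LoginScan(HTMLParser):
    """Records password fields plus all text and script URLs, lower-cased."""
    def __init__(self):
        super().__init__()
        self.has_password = False
        self.blob = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True
        if tag == "script" and a.get("src"):
            self.blob.append(a["src"].lower())
    def handle_data(self, data):   # also receives inline <script> bodies
        self.blob.append(data.lower())

def host(url):
    return (urlparse(url).hostname or "").lower()

def assess(chain, html):
    """Return reasons a resolved link matches the lure pattern, [] if none."""
    scan = LoginScan()
    scan.feed(html)
    blob, final = " ".join(scan.blob), host(chain[-1])
    on_brand = final == BRAND or final.endswith("." + BRAND)
    if not scan.has_password or on_brand:
        return []                  # no credential form, or the real site
    reasons = []
    if len(chain) > 1 and host(chain[0]) in SHORTENERS:
        reasons.append("shortener-hides-destination")
    if final.endswith(PAGES_SUFFIX):
        reasons.append("login-form-on-github-pages")
    if "facebook" in blob:
        reasons.append("facebook-branding-off-facebook")
    if any(h in blob for h in FIRESTORE_HINTS):
        reasons.append("firestore-client-on-login-page")
    return reasons

# Constructed sample: redirect chain as already resolved by a URL expander.
SAMPLE_CHAIN = ["https://bit.ly/EXAMPLE", "https://example-user.github.io/offer/"]
SAMPLE_HTML = """<title>Log in to Facebook</title>
<form><input type="email"><input type="password"></form>
<script src="https://cdn.example/firebase-firestore.js"></script>"""

if __name__ == "__main__":
    print(assess(SAMPLE_CHAIN, SAMPLE_HTML))
```

Each reason is weak alone; together they describe a credential form that claims to be Facebook, is served from free static hosting, and loads a database client that a static login page has no need for.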

According to experts, more than 500 GitHub repositories contained the phishing pages used in this campaign. The domain used in the scam was created on 3rd April 2020 and is hosted by GoDaddy. According to research, the scammers were active for 5 months and performed multiple trials before executing the scam.

Agencies are taking tough steps to take down this phishing scam with the help of authorities. The scam is very sophisticated and is being executed on a very large scale, with the number of affected users growing by more than 100 per minute. Agencies are still investigating and will update once they track the actor.
