Wednesday, July 24, 2024
HomeCyber CrimeLarge-scale Facebook Phishing Operation Discovered

Large-scale Facebook Phishing Operation Discovered

Researchers revealed a large-scale phishing campaign aimed at luring millions of Facebook and Messenger users. Users are directed to phishing pages, where their credentials are taken and advertisements are presented in order to generate cash.

The phishing scheme

The campaign began in September 2021 and reached its height in April–May 2022. The stolen accounts were used to send more phishing messages to their acquaintances, exponentially spreading the campaign and collecting more cash through ad display.

The attacker was followed down and the campaign was traced back to one of the phishing pages that had a link to a traffic monitoring app ( that could be accessed without authentication.

It’s unclear how the campaign chose its victims at first. Researchers believe that victims were sent to phishing destination pages via a series of Facebook Messenger redirection.

Researchers discovered an identical code fragment in all landing pages, which featured a reference to a website that had been confiscated as part of a Colombian man’s inquiry.

After-infection procedure

Following the theft of more Facebook accounts, the attackers employed automated systems to send more phishing links to friends of the compromised accounts, resulting in a substantial increase in the number of stolen accounts.


Genuine URL generating services (e.g. litch[.]me, famous[.]co, amaze[.]co) were utilised in the phishing messages, which are difficult to block with security software because these services are known to be used by legitimate apps.


A new round of redirections begins once a victim enters their account details on the phishing landing page. The victims are redirected to advertising pages and survey forms, among other things, as a result of this redirection.

Additional Considerations

Around 2.7 million people accessed one of the phishing portals in 2021. This year’s total has risen to 8.5 million.

There were also 405 other usernames used as campaign IDs, each with its own Facebook phishing page.

These phishing pages received 4,000 views at first, but that number has already risen to millions, with one page receiving 6 million views.



Even though majority of the detected URLs are now offline, the phishing activity continues. Furthermore, attackers have had success using genuine services to get around URL filtering. Users are advised to remain watchful and use two-factor authentication to keep protected.

IEMLabs is an ISO 27001:2013 and ISO 9001:2015 certified company, we are also a proud member of EC Council, NASSCOM, Data Security Council of India (DSCI), Indian Chamber of Commerce (ICC), U.S. Chamber of Commerce, and Confederation of Indian Industry (CII). The company was established in 2016 with a vision in mind to provide Cyber Security to the digital world and make them Hack Proof. The question is why are we suddenly talking about Cyber Security and all this stuff? With the development of technology, more and more companies are shifting their business to Digital World which is resulting in the increase in Cyber Crimes.


Please enter your comment!
Please enter your name here

Most Popular

Recent Comments

Izzi Казино онлайн казино казино x мобильді нұсқасы on Instagram and Facebook Video Download Made Easy with
Temporada 2022-2023 on CamPhish
2017 Grammy Outfits on Meesho Supplier Panel: Register Now!
React JS Training in Bangalore on Best Online Learning Platforms in India
DigiSec Technologies | Digital Marketing agency in Melbourne on Buy your favourite Mobile on EMI
亚洲A∨精品无码一区二区观看 on Restaurant Scheduling 101 For Better Business Performance

Write For Us