The Facebook security news today is that there is an ongoing phishing campaign going on by malicious actors via Facebook. The attackers are impersonating victims’ friends in Facebook messenger chats.
All Facebook users who received messages from online acquaintances asking for their phone numbers and a verification number delivered via SMS are the targets of this ongoing scam.
Here is how it works:
To successfully hijack their targets’ Facebook accounts, the scammers will go through the following steps:
- They first send a message from the previously compromised friend’s account via Facebook Messenger.
- They ask for the target’s phone number, saying they want to help with registering for an online contest promising prizes of thousands of euros/dollars.
- The next stage involves asking for a code sent via SMS allegedly sent by the contest’s organizers to confirm the entry.
- If the SMS confirmation code is shared with the scammers, they will use it together with the phone number to access and hijack the victim’s Facebook account.
- Next, they will change the account password and email address and start forwarding similar scams to the victims’ friends.
Note that they also have created look-alike web pages for logging in to Facebook, Messenger, Instagram, and WhatsApp.
Apple Security Update
Apple has patched more vulnerabilities in the past few days. If you use Apple products, check for updates ASAP and apply any updates found. The updates include MacOS Monterey, iOS, and iPadOS. Some of these are being seen in active attacks.
Nintendo Security Update
Nintendo has warned customers of multiple sites impersonating the Japanese video game company’s official website and pretending to sell Nintendo Switch consoles/games at significant discounts. This currently was reported for the Japanese version of the site, but we may see an English version show up.
Make sure any switch users in your family know how to tell if they are on the real site or not.
Other Security News
As an FYI, the most common successful phishing attacks include; Internal HR mimic, CEO fraud, Document shares, and service issue notifications. Many companies have the ability to tag emails that originate from the outside as coming from an [External sender] to help identify genuine HR emails from spoof attempts.
————-
DHL is the most imitated carrier for text/SMS/email notifications from attackers. If you get a text or email about a DHL delivery, do not click it. If you are expecting a package, go to the DHL website instead of using a link.
————-
If you are an AT&T phone user and you get a text that your bill has been paid with a link, it is malicious. I have received about 2 of these per week for the past month. Just delete the text. If you have clicked the link, then you should back up your files and wipe your phone as it is likely infected.
————-
And a reminder to check your network-connected devices for updates. That means ALL of them.
In particular, for this month, a new botnet source code was uploaded to GitHub in recent days that affects D-Link routers, NetGear routers, Linksys routers, and ZTE cable modems. If you have any of these, you need to be sure it has the latest firmware ASAP, and if the latest firmware is more than a couple of years old, consider updating your router to a newer model.
Daniel Weatherly
Director of Security Services
Mainstream Technologies Inc
501-801-6706
