FACEBOOK users are being targeted by hackers in an attempt to steal their logins.

According to cyber researchers, the massive phishing campaign has successfully hijacked approximately 5 million accounts worldwide.


Attacks continue to spread virally through Facebook Messenger on mobile devices.

The campaign has been around for over a year, but Nick Ascoli of PIXM, an anti-phishing browser extension, highlighted it this week.

In a video for the tech news website HelpNetSecurity, he explained how the scam campaign works.

Nick’s team identified several dubious websites masquerading as the Facebook login page.

Each website had millions of visits and aimed to trick people into entering their Facebook credentials.

Links to suspicious pages are distributed through Messenger, explained Nick, vice president of threat research at PIXM.

“Once the adversary has compromised a user’s Facebook account, they log into that account, presumably automatically,” he said.

From here, they “distribute new phishing links to all of that user’s friends,” Nick added.

The attackers have even figured out a way to insert the target’s name into the link to make it look more believable.

The adversaries are believed to be collecting the credentials in order to sell them to hackers on the dark web.

Stolen Facebook logins can open the door to lucrative accounts with banking information, as people commonly use Facebook to automatically log in to shopping websites.

But the attackers running the campaign are making money in other devious ways.

Once a victim has entered their Facebook details on the fake website, they are redirected to an advertising page.

The hacker could be earning hundreds of dollars a month from the page views generated by their attacks.

If you spot a suspicious online scam message, do not click on any links or attachments sent by the attacker.

Generally speaking, if something feels off about a message or website, it’s best to proceed with extreme caution.

In the UK, you can report suspected scams to ActionFraud, the national fraud and cybercrime reporting centre.

Their website is actionfraud.police.uk and their telephone number is 0300 123 2040.
