Be careful, your Facebook account could be hacked by a bot

A new scam is wreaking havoc on Messenger. It involves impersonating the network support team and stealing user credentials.

Also called a conversational agent, a chatbot is a “discussion robot”: it imitates human conversation through a chat interface. Normally, chatbots are used to answer simple questions from customers or users, or to promote services.

However, chatbots are increasingly used in account hacks. They automate credential theft and let attackers scale up the volume of operations.

According to Trustwave, a new hacking campaign uses chatbots to steal the credentials of Facebook page managers. Concretely, the recipient receives an e-mail informing them that their Facebook page has violated the community standards. The e-mail gives them 48 hours to appeal the decision; otherwise, the page will supposedly be deleted.

The user is thus prompted to resolve the issue through the “Facebook support center”. To reach it, they must click a “Call now” button, which redirects them to a Messenger conversation. As you can imagine, the chatbot, which poses as a Facebook customer service agent, is not a help desk at all.

Once the conversation has started on Messenger, the chatbot sends the victim a “Call Now” button. This button leads to a website disguised as a Facebook support inbox, whose URL is not part of Facebook’s domain. The page invites the panicked user, who wishes to appeal the decision to delete their page, to enter their e-mail address, full name, page name and telephone number.

As soon as the victim finishes entering this information and clicks the “Submit” button, a pop-up window appears. It asks for the account password and then sends all of the information to a database controlled by the hacker.

With a little research, it turns out that the Facebook page associated with the chatbot is a standard business page with zero followers and no posts. On the “chatbot” page, a message states that the profile is “Very responsive to messages”, in other words, that it is actively used. Trustwave also warns that the case number shown on the fake “Facebook support inbox” does not match the one presented by the chatbot earlier in the discussion.

It must still be recognized that the scam is not easy for uninformed users to detect. Indeed, to lend the process an air of security, a fake two-factor authentication page appears when the victim submits their information. The victim is then prompted to enter a one-time password received by SMS. In reality, this authentication page accepts any series of digits. But that’s not all. The fake verification process then redirects the victim to a genuine Facebook page containing the intellectual property and copyright guidelines, which relate to the violation the user allegedly committed.

The best way to counter this kind of attack is to examine the URL of any page asking for login credentials. On a legitimate page, the domain name matches that of the genuine site.
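The domain check described above is easy to get wrong by eye, because lookalike hosts such as “facebook.com.something.example” or a URL with a “user@host” prefix still contain the legitimate name. The following Python script is an added example and is not part of the Geeko article or of Trustwave’s research: it parses a URL, normalises the hostname, and accepts it only if it is the legitimate domain itself or a real subdomain of it. The list of legitimate domains, the function names and the sample URLs are all assumptions constructed for this illustration.

```python
from urllib.parse import urlsplit

# Assumption (not from the article): registrable domains under which the
# service's genuine login and support pages live. Adjust for your own allowlist.
LEGIT_DOMAINS = ("facebook.com", "messenger.com", "fb.com")


def is_legitimate_login_host(url, allowed=LEGIT_DOMAINS):
    """Return True only if `url` uses https and its host is an allowed domain
    or a subdomain of one.

    urlsplit().hostname already discards any userinfo ("user@"), the port and
    IPv6 brackets, and lowercases the name; a trailing dot is removed here.
    Matching against "." + domain is what defeats lookalikes: neither
    "facebook.com.example" nor "notfacebook.com" ends with ".facebook.com".
    """
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def triage(urls, allowed=LEGIT_DOMAINS):
    """Map each URL to a verdict, for reviewing a batch of reported links."""
    return {u: is_legitimate_login_host(u, allowed) for u in urls}


# Constructed sample URLs (hypothetical, not taken from the campaign).
SAMPLE_URLS = [
    "https://www.facebook.com/login/",                    # genuine subdomain
    "https://m.facebook.com/login.php",                   # genuine subdomain
    "https://facebook.com./",                             # trailing dot, still genuine
    "https://facebook.com.appeal-center.example/inbox",   # lookalike: legit name as prefix
    "https://www.facebook.com@inbox.example/case/12345",  # userinfo trick: real host is inbox.example
    "http://facebook.com/login",                          # plain http, refuse
    "https://notfacebook.com/",                           # different registrable domain
]

if __name__ == "__main__":
    for url, ok in triage(SAMPLE_URLS).items():
        print("OK     " if ok else "SUSPECT", url)
```

The key design choice is to compare the parsed hostname rather than searching the raw string for “facebook.com”: a substring match would accept every one of the suspect samples above. Requiring https is a conservative extra filter, since a credential prompt over plain http is itself a red flag.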

Follow Geeko on Facebook, YouTube and Instagram so you don’t miss any news, reviews and tips.