Once again social networks are taken advantage of by cybercriminals to perform deception. ESET, a company specialized in threat detection, has detected a new type of attack, very active in Latin America in recent months, on Facebook.
Deception takes advantage legitimate broadcasts, made from the official accounts of famous personalities, to be published as live broadcasts from fake accounts and thus impersonate the identity of these public figures.
In these false “alive”, As they say to these transmissions, the scammers publish the videos and invite through the chat to participate in a dynamic in which they must decipher a visual puzzle. Once the puzzle is solved, the victims must post the answer in the comments to be “eligible” and thus receive a supposed prize.
Once the user submits the response, automatically from the apocryphal account they communicate by private message, indicating the steps to follow to claim the promised money. The victim must first share the post on their home page, and then inform friends and family of this “opportunity”. Once the victim shares it, they receive a message with a link behind the option “Check in” that leads to a site where you must enter your personal data, supposedly to verify that you are a real person and thus obtain the prize.
The messages that reach the victim
According to the campaigns identified by ESET In recent weeks, aimed at users in Latin America, the links meet a certain pattern: they are dominios.blogspot.com. They contain full names and images of the figures whose identity is impersonated in Facebook accounts, and include another link below that leads to the instance in which they must register the data.
These sites refer to the amount of money to deliver and use a timer that gives the victim two minutes. The latter, they mention from ESET, It is a social engineering strategy to pressure the user to decide to take the plunge and enter sensitive information.
The second link within the site redirects to advertising websites, ending at a site that asks the victim for a email and password to subscribe to an online movie service. In addition, this system asks the victim for sensitive information about means of payment, such as credit card numbers and codes, for an alleged identity verification.
In case of moving forward, the victim will be redirected back to ad-ridden sites, no longer making any reference to the prize offered. It is not an isolated attack, since a simple search among the live broadcasts available on Facebook revealed that dozens of similar publications were active with another aspect in common: the preference for the Latin American afternoon slot.
Facebook, latest news:
–
– .
