In 2020, a massive phishing campaign on Facebook stole more than 15,000 accounts based in the Philippines. Using Facebook’s ad-targeting technology, the scammers were able to identify the users most likely to engage with their posts. By paying Facebook for sponsored posts, the cybercriminals served the scam ads to exactly that audience: page admins, aged 13 and above, located in the Philippines.
The phishing campaign allowed cybercriminals to take over and control the accounts and pages of those who clicked the sponsored post. The modus then was simple: pay Facebook to place sponsored posts, ask the targeted users to log in to a fake Facebook page, collect their Facebook credentials, then take over the accounts. In 2020, a Facebook user who was an admin of a page could receive almost a hundred of these sponsored posts daily.
Reporting these scams to Facebook would get you a message that the ad (paid for by the scammers) did not violate the social media giant’s community standards. Posting a comment on these posts was also useless, as Facebook would not allow you to comment that the post was a scam. Then, the scams suddenly came to a halt.
Just last month, Facebook-sponsored posts that aim to scam users suddenly resurfaced, this time targeting users aged 18 and above who are located in the Philippines. What is surprising is that no account takeover appears to be happening. While there are warnings all over Facebook, from cybersecurity professionals to people who have likely seen the sponsored scam posts, there have been no reports of accounts being taken over.
The same modus as in the 2020 phishing campaign was applied, with one twist. Here is how it goes: the scammers pay Facebook to place sponsored posts, ask the targeted users to log in to a fake Facebook page, and collect their Facebook credentials. Taking over the account did not happen in this latest phishing campaign, and we asked why. Cybersecurity practitioner and Manila Bulletin’s Data Security Officer Christian Angel has this to say: “These cybercriminals may be just collecting usernames and passwords and then will sell these accounts to those who are willing to pay for them in the future.” The targets are now users 18 years old and above who are located in the Philippines. We could hypothesize that the compromised accounts would come in handy during the campaign period for the upcoming elections in a few months. As of now, we have no way of knowing how many accounts were compromised.
If you happen to see Facebook-sponsored posts asking you to re-login to your Facebook account, you should be worried, because if you did enter your credentials, cybercriminals could take over your account at any time. Once they get hold of your account, they can do anything with it. Cybercriminals could pretend to be you, read your private messages, and ask for money from your family and friends.
With the latest phishing campaign, we now fear that these criminals could collect and store stolen login credentials and use them in the 2022 elections. When cybercriminals take control of your account, they could make it appear that you posted something, endorsed a candidate, or took a position on an issue.
To know if your Facebook account is compromised, here is what you need to do:
1) Open the Facebook app.
2) Tap the three lines in the upper right corner of your phone.
3) Scroll down and tap “Settings and Privacy”.
4) Tap “Settings”.
5) Scroll down and tap “Security and login”.
6) Tap “See all” to the right of “Where you’re logged in”.
7) Check for login locations that you don’t recognize.
8) If there are locations you have never been to, tap the three small dots on the right and tap “Log Out”.
9) Change your password and activate Facebook’s two-factor authentication feature.
Beware: you could be a troll without knowing it.
(Art Samaniego, Jr. is the head of Manila Bulletin IT Department and is the editor of Technews.)