F-Secure security researchers have detected a new Facebook spam campaign that lures users to phishing pages designed to trick them into handing over Facebook or YouTube credentials. The spam campaign has been going on for 14 days and has slowly moved from one country to another.
The hackers posted shortened links on Facebook pages from the victim’s account, and they also spammed the victim’s friends via direct Facebook Messenger messages.
According to the researcher:
“Based on the data from the links, the campaign began last October 15th when it targeted mostly Swedish users. On the 17th, it moved to targeting Finnish users. Then from 19th onwards, it mostly went after German users.”
The total number of clicks for the whole campaign reached about 200,000, and about 80% of the users were from Germany, Sweden, and Finland.
The spammed content appeared to be a link to a YouTube video: the hackers tricked Facebook’s URL previewing system into displaying the wrong link info by forging metadata. Security researcher Barak Tawily has explained the complete technique in a blog post.
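A check a defender can run on a suspicious link, given here as an added example that is not from F-Secure or the cited blog post: it compares the host a page claims in its preview metadata with the host that actually served it. It assumes the preview is built from Open Graph `og:url` meta tags, which the article does not name; the URLs and HTML are constructed sample data.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class OGParser(HTMLParser):
    """Collects <meta property="og:*" content="..."> tags from a page."""

    def __init__(self):
        super().__init__()
        self.og = {}

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = dict(attrs)
        prop = (a.get("property") or "").lower()
        if prop.startswith("og:") and a.get("content"):
            self.og.setdefault(prop, a["content"])  # first occurrence wins


def host(url):
    """Lower-cased hostname without a leading 'www.' ('' if there is none)."""
    h = (urlsplit(url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h


def check_preview(final_url, html):
    """Return (claimed_host, served_host) when og:url names a different site
    than the one that served the page after redirects, else None."""
    parser = OGParser()
    parser.feed(html)
    claimed, served = host(parser.og.get("og:url", "")), host(final_url)
    if not claimed or claimed == served:
        return None
    # Treat subdomain/parent pairs (m.site.tld vs site.tld) as the same site.
    if claimed.endswith("." + served) or served.endswith("." + claimed):
        return None
    return (claimed, served)


# Constructed sample: page served from one host, metadata claims another.
SERVED_URL = "https://landing.example.net/v"
FORGED_HTML = """<html><head>
<meta property="og:url" content="https://www.youtube.com/watch?v=constructed" />
<meta property="og:title" content="Constructed video title" />
</head><body></body></html>"""

if __name__ == "__main__":
    print(check_preview(SERVED_URL, FORGED_HTML))
```
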
Android users and iOS users were redirected to a phishing page, and other users were redirected to a website that loaded ads.
F-Secure researchers strongly recommend that affected users change their passwords as soon as possible, and also change their passwords on other systems and services where the same compromised password was used.