Facebook Users Beware! A Messenger Chatbot Dupes Victims to Steal Passwords — How to Avoid

A Facebook Messenger chatbot is now duping users of the Meta-owned social media giant into giving up their passwords and access to their accounts.

A new phishing campaign is stealing the login credentials of Facebook users by abusing Meta's chatbot feature on Messenger.


The campaign may have been going on for some time now, but cybersecurity firm Trustwave SpiderLabs only reported it recently.

Facebook Messenger Chatbot and Password Stealing

The recent cybersecurity blog post from SpiderLabs notes that Facebook Messenger remains one of the largest messaging apps out there.

At least, that is what recent figures from Statista claim: Messenger has nearly 1 billion monthly active users as of January 2022.

One of the distinct features of Messenger is its chatbot functionality. It allows companies or prominent personalities to respond to queries from their followers on Facebook.

As per a news story by The Sun, Messenger chatbots can converse and answer questions without the need for a real person, which works best for customer support.

But this time, it appears that cyberattackers have gone on to abuse the chatbot system on Messenger to steal the Facebook login credentials of its victims.

Messenger Chatbot Phishing Campaign: How it Works

While this phishing campaign uses the Messenger chatbot, it starts with an email pretending to be from the giant social network, Facebook.

According to the latest report by Tech Radar, the fake Facebook email alarms its victims by telling them that they are violating the community standards of the largest social media platform.

And as such, their account is scheduled to be completely deleted in the next 48 hours.


Here's the catch: the email gives the victim an option to appeal the termination of their account by simply clicking the "Appeal Now" link.

Then the link brings the Facebook users to Messenger, wherein they can "appeal" the termination of their account with a fake Facebook customer support chatbot.

From there, the conversation leads to another "Appeal Now" button, which goes to a malicious website that asks victims to provide their login credentials.

The site includes a form that asks Facebook users to fill out details like their name, contact number, and email. To appear less suspicious, the phishing campaign then only asks victims to "re-enter" their password to complete the process.

How to Avoid

Tech Radar points out that the whole Messenger chatbot phishing campaign leaves tons of red flags in the first place.

For instance, the email itself already carries several grammar and spelling errors. What's worse, the handle of the chatbot is some random numbers. So look out for these kinds of red flags to avoid getting duped by these hackers.
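As an added example (not code from Trustwave, Tech Radar or this article), the red flags above can be turned into a mail-filter heuristic that scores a single-part HTML email against the lure described here. The trusted sender domains, the Messenger link hosts and the idea that the numeric bot handle appears in the link path are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Assumptions (not from the article): domains treated as genuine Meta senders,
# and the hosts used by links that open a Messenger conversation.
META_SENDERS = {"facebookmail.com", "facebook.com", "meta.com"}
MESSENGER_HOSTS = {"m.me", "messenger.com", "www.messenger.com"}

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def red_flags(raw_email):
    """Return the set of lure traits from the article found in one message."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()  # single-part message assumed
    flags = set()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender not in META_SENDERS:
        flags.add("sender_not_meta")
    # Account-removal wording followed closely by a deadline in hours.
    if re.search(r"(delet|terminat|disabl)\w*.{0,80}?\d+\s*hours?", body, re.I | re.S):
        flags.add("deletion_deadline")
    parser = LinkCollector()
    parser.feed(body)
    for href, text in parser.links:
        url = urlparse(href)
        if "appeal" in text.lower() and (url.hostname or "") in MESSENGER_HOSTS:
            flags.add("appeal_link_opens_chat")  # email hands off to a chat
            if re.search(r"\d{6,}", url.path):
                flags.add("numeric_bot_handle")  # handle is a run of digits
    return flags
# Constructed sample lure (not a captured message).
SAMPLE = """From: Facebook Support <notice@fb-appeals.example>
Content-Type: text/html

<p>Your account violate our community standards and will be deleted in 48 hours.</p>
<a href="https://m.me/104829374655102">Appeal Now</a>"""
```

Calling `red_flags(SAMPLE)` returns all four flags. A single flag is weak evidence, so a filter would act on combinations rather than on any one of them.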

© 2024 iTech Post All rights reserved. Do not reproduce without permission.
