A Facebook Messenger chatbot is now being used to dupe users of the Meta-owned social media giant, steal their passwords, and access their accounts.
A new phishing campaign is stealing the login credentials of Facebook users by abusing Meta's chatbot feature on Messenger.
The campaign may have been going on for some time now, but cybersecurity firm Trustwave SpiderLabs only reported it recently.
Facebook Messenger Chatbot and Password Stealing
The recent cybersecurity blog post from SpiderLabs notes that Facebook Messenger remains one of the largest messaging apps out there.
At least that is what the recent figures from no less than Statista claim. Its researcher says that Messenger has nearly 1 billion monthly active users as of January 2022.
One of the distinct features of Messenger is its chatbot functionality. It allows companies or prominent personalities to respond to queries from their followers on Facebook.
As per a news story by The Sun, Messenger chatbots can converse and answer questions without the need for a real person, which works best for customer support.
But this time, it appears that cyberattackers have gone on to abuse the chatbot system on Messenger to steal the Facebook login credentials of its victims.
Messenger Chatbot Phishing Campaign: How it Works
While this phishing campaign uses the Messenger chatbot, it starts with an email pretending to be from the giant social network, Facebook.
According to the latest report by Tech Radar, the fake Facebook email tells its victims that they are alarmingly violating the community standards of the largest social media platform.
And as such, their account is scheduled to be completely deleted in the next 48 hours.
Here's the catch: the email gives the victim an option to appeal the termination of their account by simply clicking the "Appeal Now" link.
The link then brings Facebook users to Messenger, where they can "appeal" the termination of their account with a fake Facebook customer support chatbot.
From there, the conversation leads to another "Appeal Now" button, which goes to a malicious website that asks victims to provide their login credentials.
It includes a form that asks Facebook users to fill out details like their name, contact number, and email. But to appear less suspicious, the phishing campaign only asks victims to "re-enter" their password to complete the process.
How to Avoid
Tech Radar points out that the whole Messenger chatbot phishing campaign leaves tons of red flags in the first place.
For instance, the email itself already carries several grammar and spelling errors. What's worse, the handle of the chatbot is just a string of random numbers. So look out for these kinds of red flags to avoid getting duped by these hackers.
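The red flags described above can be checked mechanically at each step of the chain (email, chatbot, password form). The following is an added example, not code from the article or from SpiderLabs; the trusted-host list, the flag names, and the sample messages and `.example` domains are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts treated as genuine Facebook/Messenger properties.
TRUSTED_SUFFIXES = ("facebook.com", "messenger.com", "m.me")
THREAT = re.compile(r"\b(delet|terminat)\w*", re.I)
DEADLINE = re.compile(r"\b\d+\s*hours?\b", re.I)
APPEAL = re.compile(r"appeal\s+now", re.I)

def is_trusted_host(url):
    """True only if the URL's real host is a trusted domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def numeric_handle(handle):
    """True if a page handle is (almost) entirely digits."""
    h = handle.lstrip("@")
    return bool(h) and sum(c.isdigit() for c in h) / len(h) >= 0.8

def red_flags(step):
    """Return the red flags present in one step of the chain."""
    flags = []
    text = step.get("text", "")
    if THREAT.search(text) and DEADLINE.search(text):
        flags.append("deletion-deadline")
    if APPEAL.search(text):
        flags.append("appeal-now-lure")
    if step.get("handle") and numeric_handle(step["handle"]):
        flags.append("numeric-handle")
    url = step.get("credential_form_url")
    if url and not is_trusted_host(url):
        flags.append("password-form-off-facebook")
    return flags

# Constructed samples mirroring the three steps described in the article.
EMAIL = {"text": "Your page has violate our community standards. Your account "
                 "will be deleted in the next 48 hours. Appeal Now"}
CHATBOT = {"handle": "@100087654321098", "text": "Click Appeal Now to continue."}
FORM = {"text": "Re-enter your password to complete the process.",
        "credential_form_url": "https://facebook.com.appeal-support.example/login"}

if __name__ == "__main__":
    for name, step in (("email", EMAIL), ("chatbot", CHATBOT), ("form", FORM)):
        print(name, red_flags(step))
```

The host check compares the parsed hostname, so lookalikes that merely contain "facebook.com" as a prefix or as URL userinfo are not treated as trusted.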