Huge Facebook alert as 5 MILLION accounts ‘stolen and injured’ in major attack

FACEBOOK users are targeted by hackers to steal their logins.

According to cyber researchers, the massive phishing campaign has hijacked an estimated 5 million accounts worldwide.

1

The attacks continue to spread virally via Facebook Messenger on mobile devices.

It’s been around for over a year, but this week it was singled out by Nick Ascoli of PIXM, an anti-phishing browser extension.

In a video for the Tech News website HelpNetSecurityhe explained how the scam campaign works.

Nick’s team identified a number of dubious websites posing as a Facebook login page.

Each website had millions of visits and aimed to trick people into entering their Facebook credentials.

Links to the shady sites are being circulated through Messenger, explained Nick, VP of Threat Research at PIXM.

“Once the attacker compromises a Facebook user’s account, they log into that account — presumably automatically,” he said.

From here, “they distribute new phishing links to all friends of this user,” Nick added.

The attackers even found a way to include the target’s name in the link to make it appear more believable.

Adversaries are believed to be collecting the credentials to sell to hackers on the dark web.

Stolen Facebook logins can open the door to lucrative accounts with banking information, as people often use Facebook to auto-login to shopping websites.

But the attackers running the campaign make their money in other underhanded ways.

Once a victim enters their Facebook details into the fake website, they are redirected to an advertising page.

The hacker could make hundreds of dollars a month from the traffic to this site generated by his attacks.

If you discover a suspected online scam message in the wild, do not click on any links or attachments sent by the attacker.

In general, when something feels awkward about a message or website, it’s best to proceed with extreme caution.

In the UK, you can report suspected fraud to ActionFraud, the national fraud and cybercrime reporting agency.

Their website is actionfraud.police.uk and their phone number is 0300 123 2040.

• Read the latest phone and gadget news
• Stay up to date on Apple stories
• Get the latest on Facebook, WhatsApp and Instagram

We pay for your stories! Do you have a story for The Sun Online Tech & Science Team? Email us at tech@the-sun.co.uk