Be Careful Facebook Users! Scammers Are Using Pornographic Images to Hack Your Account!

A few days ago, a researcher named Maxime Kjaer found some malicious Chrome extensions (“Age Verify” etc.) that allowed hackers to steal the login credentials of innocent Facebook users. After investigation, Google blacklisted all of these extensions.

Recently, researchers detected a new Facebook phishing scam. In this latest scam, hackers are spreading malicious pornographic images to trap innocent users. Facebook's phishing filters are not detecting these types of malicious links. Hackers are interested in the social profiles of innocent users, and they have their own reasons for that.

How to Recognize These Malicious Links?

Scammers are using Facebook groups to spread these links. They post pictures of “Nude Girls” with a fake play button as comments on group posts. To make the post look like a genuine video, they add descriptive text such as “This video already has thousands of shares, thousands of likes and thousands of views”. Here is an example:

“Groups Russian-Teen-Girls-18-CLICK HERE to Watch. It already has 400 Share, 900 Comments, 5.550 Likes, 8000 Views”.

How Are These Pornographic Images Hacking Accounts?

When a Facebook user clicks on one of these links, the browser redirects him/her to a third-party website. The index page of that website looks like Facebook. The hackers have added a login form to the page to steal the user's login credentials. A normal user thinks that it is a Facebook webpage. When the user fills in the login details and clicks the “Login” button, the scammers receive the victim's account credentials through command and control (C&C) servers. To keep the victim busy, the scammers have prepared fake survey questions. In some cases, a pop-up appears telling the victim to “Install Flash Player Plug-in”. This could be more dangerous than a normal attack. In a normal phishing scam, hackers only get the Facebook login credentials, but installing these malicious “Plug-ins” may give the hackers full control of the system.
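As an added example (not part of the original article), the check below shows how the address of a Facebook-looking login page can be tested against the real Facebook domain before any credentials are entered. The trusted-domain list, the function name and every sample URL are assumptions constructed for illustration.

```javascript
// Added example: decide whether a page showing a "Facebook" login form is
// really served by Facebook. TRUSTED_DOMAINS and the sample URLs below are
// assumptions constructed for this example.
const TRUSTED_DOMAINS = ["facebook.com"];

function classifyLoginUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return { trusted: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not HTTPS" };
  }
  // Anything before "@" is userinfo, not the host:
  // https://facebook.com@other.example/ is served by other.example.
  if (url.username || url.password) {
    return { trusted: false, reason: "userinfo in URL" };
  }
  // The URL parser lower-cases the host; drop a trailing root dot.
  const host = url.hostname.replace(/\.$/, "");
  // Non-ASCII labels are converted to punycode ("xn--"), which is how
  // look-alike characters show up after parsing.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, reason: "punycode label in host" };
  }
  // Match the registered domain from the right: exact, or a true subdomain.
  const ok = TRUSTED_DOMAINS.some((d) => host === d || host.endsWith("." + d));
  return ok
    ? { trusted: true, reason: "host " + host + " belongs to Facebook" }
    : { trusted: false, reason: "host " + host + " is not a Facebook domain" };
}

// Constructed sample URLs (reserved .example names, not real sites).
const SAMPLES = [
  "https://www.facebook.com/login.php",
  "https://facebook.com.login-check.example/index.html",
  "https://facebook.com@login-check.example/",
  "http://www.facebook.com/login.php",
  "https://f\u0430cebook.com/login", // Cyrillic "a" in place of Latin "a"
];
for (const s of SAMPLES) {
  const r = classifyLoginUrl(s);
  console.log((r.trusted ? "OK     " : "REJECT ") + s + "  (" + r.reason + ")");
}
```

Only the first sample is accepted; the others are rejected even though each one contains the text "facebook.com" somewhere in the address.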

What Are the Hackers' Motives Behind This Scam?

To steal the login details of Facebook accounts.

To earn more revenue by liking pages from the hacked Facebook accounts.

To get more likes on their Facebook page.

To spread malicious links, because an average Facebook user is connected with at least 500 people.

To try the same credentials on other social profiles such as Twitter and LinkedIn after hacking a Facebook account, because 50% of people use the same username and password across their social profiles.

Security Tips for Facebook Users