Facebook phishing attempt using image share notifications

Just a short post to report an interesting phenomenon!

Today I’ve been targeted by an unusual phishing attempt on my Facebook account:

I’ve received a notification saying that an account named Fəcebook Servıce 05 (pay attention to the ə character) had shared one of my photos (in this case, my profile photo).

The photo has been shared on the page of the strange profile, with this caption:

Your account will be deactivated⚠
This is because someone has reported you that there is a difference between content, because it violates the terms of service. If you are the original owner of this account, confirm your account to avoid blocking.
Please confirm your account here:

└► http://fb-recovery-1000001517-reg.16mb.com/update_security.…

🔒If you do not confirmation, our system will automatically block your Facebook account and you will not be able to use it again.
Thanks for helping improve our Facebook service.
Best Regards
Facebook Security Team

This is a clear attempt at social engineering: the attacker tries to scare the target and induce them to open a link.

Obviously, the link lands on a fake login page (hxxp://fb-recovery-1000001517-reg.16mb.com/update_security.htm?confirmation&fbclid=XXX) with a ‘mobile’ layout: every credential submitted gets a login error in reply, but by then the credentials have already been stolen!

(Subdomains of the 16mb.com domain often appear in threat intelligence reports)

So pay attention to such events, and report the phishing attempt: the Facebook security team would certainly not contact you in that way!
