Researchers at Trustwave have shed light on a recently discovered phishing campaign revolving around Facebook Messenger bots.

If you don’t spend much time on social media: chatbots are programs that simulate a conversation with a live person, and they are usually assigned the task of answering simple questions as a first line of customer support.

If the bot can’t answer the question, then a handoff escalation is made to a human customer support person.

That’s how it’s supposed to work, anyway. This newly discovered campaign abuses that trust in chatbots.

Here’s how they’re structuring the campaign:

The first step is an email to the owner of a Facebook page, generally claiming that the page has violated some portion of Facebook’s Community Standards and giving the recipient 48 hours to appeal the decision or risk having the page deleted.

Naturally, this alarms most people, who rush to resolve the issue.

That’s exactly what the phishers are counting on. The email “helpfully” provides a link or button that connects the recipient to a chatbot, but one that the scammers control.

By all appearances, the recipient is now talking to a member of Facebook’s customer support team. In fact, it is a chatbot run by the scammers.

The fake support agent basically repeats the information from the email and then sends the victim a message containing an “Appeal Now” button.

Clicking this button takes the victim to a website disguised as the “Facebook Support Inbox.” At this point, only an observant potential victim will see through the ruse: the page’s domain, visible in the browser’s address bar, is not associated with Facebook in any way. Others may easily miss it.

If the victim doesn’t see through the ruse, he or she is asked to fill in a variety of information on a form. When the form is submitted, a pop-up box asks the user to re-enter their Facebook password, and that’s the hook.

Everything up to this point has been bait designed to get the potential victim to give up their password.
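The one reliable tell in the flow above is the domain of the “Appeal Now” link and of the fake “Support Inbox” page. The following is an added example (not code from Trustwave or from this article) of a small link-triage check you could run over the URLs extracted from such an email or chat message. It assumes a short allowlist of well-known Facebook domains that you would maintain yourself, and the sample URLs are constructed for illustration, not taken from the real campaign.

```python
from typing import Optional
from urllib.parse import urlsplit

# Assumed allowlist of a few well-known Facebook-owned domains.
# Maintain this yourself; it is an assumption of this example, not
# an authoritative list.
FACEBOOK_DOMAINS = ("facebook.com", "fb.com", "fb.me", "messenger.com")

# Brand fragments that a lookalike host is likely to contain.
BRAND_TOKENS = ("faceb", "messenger")


def link_host(url: str) -> Optional[str]:
    """Return the lowercase host part of a link, or None if there is none.

    urlsplit().hostname already discards any user:pass@ prefix, so a
    trick like https://facebook.com@evil.example/ yields 'evil.example'.
    """
    url = url.strip()
    if "://" not in url:
        url = "http://" + url  # bare 'facebook.com/x' still parses
    host = urlsplit(url).hostname
    return host.rstrip(".") if host else None


def is_facebook_host(host: str) -> bool:
    """True only if host IS an allowlisted domain or a subdomain of it.

    'facebook.com.appeal.example' ends in '.example', not '.facebook.com',
    so it is correctly rejected here.
    """
    return any(host == d or host.endswith("." + d) for d in FACEBOOK_DOMAINS)


def classify_link(url: str) -> str:
    """Classify a link as 'facebook', 'lookalike', or 'external'."""
    host = link_host(url)
    if host is None:
        return "external"
    if is_facebook_host(host):
        return "facebook"
    # Brand name embedded in a foreign host, digit-for-letter swaps such as
    # 'faceb00k', or punycode (xn--) labels are treated as lookalikes.
    if "xn--" in host or any(tok in host for tok in BRAND_TOKENS):
        return "lookalike"
    return "external"


def triage(urls):
    """Return {url: classification} for every link found in a message."""
    return {u: classify_link(u) for u in urls}


# Constructed sample links of the kind such an email or bot message might carry.
SAMPLE_LINKS = [
    "https://www.facebook.com/help/",
    "https://m.facebook.com/",
    "https://facebook.com.appeal-center.example/inbox",
    "https://facebook.com@support-inbox.example/appeal",
    "http://faceb00k-support.example/inbox",
    "https://support-inbox.example/appeal",
]

if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS).items():
        print(f"{verdict:9s} {link}")
```

Anything not classified as "facebook" should be treated as untrusted no matter what the chat window or page title says; the "lookalike" bucket is there only to prioritise what a human reviews first.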

Even if you’re not personally on Facebook, make sure everyone you know who uses it knows about this scam. If we can help even one person avoid being taken in, that’s a victory.

Used with permission from Article Aggregator