The URLs in question look something like “hxxp://lnk[.]pics/19S3Y” or “hxxp://lnk[.]pics/18JDK”.
After analyzing the data, the firm concludes that the attack first spread in Sweden (October 15), then Finland (October 17), and reached Germany by October 19. Users in these countries account for around 80% of the 200,000 clicks made as part of the phishing campaign.
The Facebook phishing attack mostly targeted Android and iOS users, with the aim of harvesting their Facebook credentials and using them to attack more users. But in the two weeks it lasted, the attackers also tried to make money from users on platforms other than Android and iOS through ad fraud, by redirecting them to an ad-affiliate URL.
It’s advised to keep your eyes open when clicking links on Facebook or anywhere else on the web. If you think you’re affected, you should change your password immediately. You should also enable two-factor authentication to add an extra layer of security to your Facebook account.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions at a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.