BtCIRT has been informed of a Facebook phishing link that is being widely circulated via Facebook Messenger chat service.
The message looks like this:
It includes the following known links:
- hxxps://c-ko.eu/2kU_pCgXO.ru
- hxxps://c-ko.eu/Wo4rE~TD.ru
[These are the known links but there could be other variations too.]
If you receive such a message with the link, please do not click on it and the most important of all, please do not provide your username and password and the One Time Password (OTP) if your Facebook account has 2 Factor Authentication (2FA) set up.
BtCIRT has analyzed the link and found out that the link doesn’t have any videos but the link redirects to a page which looks like facebook, but it is actually a phishing site. If you provide your username and password there, you will actually be providing your credentials to the attackers and then the link is further sent to all your contacts. If you have 2FA enabled they go one step further and ask you to send a pin code, which actually is your OTP used for authenticating your account.
If you look at the URL, you will see that it’s not facebook.com but c-ko.eu, which is designed to look like facebook to steal your credentials.
If you have already clicked on the link and have given out credentials, please do the following:
- Change your credentials immediately
- Notify all your contacts that you are not the one sending that link and advise them not to click on it
- Delete and reinstall the facebook and messenger app
- If you don’t have 2FA enabled, enable it now!
- Check the currently logged in devices and verify. If there are unknown devices, log out from it and secure your account further.
