Scammers are currently on the move with Meta Messenger (formerly: Facebook Messenger). With a perfidious scam, they try to tempt users to click on a link without thinking.
At first glance, a supposed message appears to come from contacts in the friends list. In it, content in the social network Tiktok is advertised and also linked. After clicking the link, the victim is then prompted to either download the app or sign up for a paid service. The scam recognizes the user’s operating system (Android, iOS, macOS, Windows) and provides the appropriate fraud app. At the same time, the user’s messenger account can be further exploited to spread the chain message to their own contacts and chat groups. ESET experts currently advise caution with Meta Messenger.
“Scammers are currently on the Meta Messenger with fraudulent advertisements or fictitious winning notifications. Recipients should click on a link that supposedly leads to the social network TikTok, but is redirected,” says Jiri Kropac, head of ESET’s research laboratory in Brno. “In Germany we are currently seeing cases of alleged profits in particular. To do this, users should provide personal data, which will then lead to an expensive SMS subscription.”
flow of the stitch
After clicking on the deceptive link in the message, users are redirected depending on the operating system (Android, iOS, macOS, Windows) they are currently using the chat app on or the country from which they are accessing the content redirected to other web content. In the case of a mobile device, it is most likely a deceptive and deceptive advertisement for the Express VPN or VPN Super Speed app. The user can click a link to open a page similar to a YouTube player, but is then prompted to install the app to watch the video. Alternatively, the user may be redirected to deceptive gaming or gambling portals with mandatory registration. The desktop version of the chat application saw the most adult content such as: B. on video portals, paid chats and dating sites. In all cases, the attackers try to get users to pay.
Tips from the security experts
- Look carefully at the messages: pay attention to the spelling and grammar. It is often already apparent here that something cannot be right.
- Don’t just click on links: No matter how enticing the content may seem, you should remain suspicious and not immediately click on any links contained within. In the current case, ask your contact whether the message is correct.
- Install a modern security solution: This detects potentially unwanted applications (PUA) at an early stage and warns of phishing websites.
www.pressetext.com | www.eset.com/de
