A new old way of phishing Facebook pages

· · 635 words · 3 minute read

Too many friends asked me about that stolen Facebook pages in the last week. Almost all these Facebook pages were stolen by phishing. Phishing is an old method of hacking by giving a visually identical Facebook page telling you that you need to give them some information because of anything. After you tell them the information including the OTP sent to your phone or e-mail, your account and/or your pages will be stolen.

If you are an admin of your own Facebook page or your business’s fanpage, you may see a post like this.

phishing post in Arabic

note: the post is in Arabic as this page is managed by people publishing in Arabic.

In the above screenshot, you see a page/account declaring it is a Support Account Security which implies it is related to Facebook / Meta company. But it is not. It is a stolen page used by hackers to publish a phishing link.

This Facebook page is publishing a “recommendation” of your own fanpage but saying “alert, your account is at risk, blah blah blah”. What security page tells you that your account is at risk by recommending you?!

The phishing link is the post is incomplete on wide screens such as laptop or tablet, but if you see the post on your smartphone, it will be shown complete like this.

عرض بوست السرقة على الموبايل

Let’s dissect this phishing link.

تشريح رابط سرقة صفحات الفيسبوك

The starting of the phishing link is a facebook link for redirection.

https://facebook.com/l.php?u=

If you add any link as a value of u= parameter, you’ll be redirected to that link.

In this phishing link, the link of the hackers is this link which if a website hosted by hackers on vercel company. Vercel is a known hosting company to host your websites.

https://account-support-suite.vercel.app/business-help-center

I do not recommend you to open/click the phishing link unless you are a security expert. Why? because the hackers sometimes create a hacking campaign with many levels of security, or many layers of hacking methods. For example, maybe this phishing link lead to a website that is a phishing website which is already known but the hacker added a code to steal browser cookies, and another code to inject a code in your operating system memory. It’s complicated. Sometimes, it is simple, but sometimes it is simple enough to trap an expert.

After you open the phishing link, Facebook warns you that you are going outside Facebook. And if you want that, click on “Follow Link”.

الخروج من فيسبوك إلى رابط الصفحة المزورة

After that, the phishing website itself appears. The phishing webpage seems related Facebook but it is not. It tells you that your Facebook account is at risk and blah blah blah. So, if you believe they are Facebook, you will click on “continue”.

محاولة سرقة فيسبوك عن طريق الصفحات المزورة

Another phishing webpage will appear and tell you to fill in your Facebook account information and Facebook fan page information.

جمع المعلومات داخل الصفحة المزورة

This is the Facebook page used by hackers to publish their phishing link to other pages on Facebook. This is already a stolen page.

الصفحة المسروقة التي تستخدم لنشر رابط الصفحات المزورة لسرقة صفحات أخرى على فيسبوك

The hackers stole this Facebook page and renamed it to seem as legit as possible and changed the profile picture and cover. It was specialized in diet and nutrition and probably owned by a nutritionist in Cairo, Egypt.

After stealing too many Facebook pages and accounts, hackers use them for stealing more and more from people.

This is a story published by hackers on a stolen Facebook page to encourage people to click a suspicious story link.

ستوري لجذب المتابعين للضغط على لينك تابع للهاكرز

I reported this phishing link to Google safe browsing here to let them block the phishing website and put security alert in front of everyone trying to open this phishing website.

I hope this post helps you with your programming journey. If you want to get notified about new posts, follow me on YouTube , Twitter (x) , LinkedIn , Facebook , Telegram and GitHub .

Share: