After a few days of that phishing campaign we talked about in a previous post, I faced a new strategy to phish Facebook page admins and steal their accounts/pages.
In this method, the phisher reaches out to Facebook page admins through the inbox to convince them to click the phishing link and follow through the phishing funnel. The hacker/phisher simply sends you a direct message in Messenger to convince you to click on the link.
The hacker is using something called Meta chat plugin, which I don’t know. But s/he is somehow using an application/API-related thing.
If you click that phishing link, it leads you to a webpage that looks similar to Facebook's design/layout, but it is not served from a Facebook domain.
Make sure to take a look at the URL at the top of the screen, so you can verify whether the current domain is owned by Facebook or not.
The domain names owned by Meta / Facebook are:
So, if the domain is not one of them, it is not owned by Facebook. It is a fraud. It is a scam. It is a phishing page.
The list of domains above is taken from the official page of the bug bounty program.
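Checking the domain by eye is easy to get wrong, because a phishing link can contain the word "facebook.com" without being served from it. The following is an added example, not part of the original post, that performs the check in code with the same URL parser browsers use. The `ALLOWED` list is a small constructed sample and the test links use made-up `.example` hosts; both are assumptions for illustration.

```javascript
// Added example: is this link really served from an allowlisted domain?
// ALLOWED is a constructed, partial sample. In practice, fill it from the
// official bug bounty page mentioned in the post.
const ALLOWED = ["facebook.com", "messenger.com", "meta.com"];

function checkLink(link, allowed = ALLOWED) {
  let url;
  try {
    url = new URL(link); // WHATWG URL parser, same rules as the address bar
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // hostname drops any "user@" part and port, and is lowercased/punycoded
  const host = url.hostname.replace(/\.$/, "");
  // Lookalike letters (e.g. Cyrillic) show up as "xn--" labels after parsing
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "internationalized (punycode) label" };
  }
  // Match the whole host or a dot-separated subdomain, never a substring
  const match = allowed.find((d) => host === d || host.endsWith("." + d));
  return match
    ? { ok: true, reason: "host is under " + match }
    : { ok: false, reason: "host " + host + " is not on the list" };
}

// Constructed sample links showing the common tricks
const SAMPLES = [
  "https://www.facebook.com/business/help",         // genuine subdomain
  "https://facebook.com.page-review.example/login", // real name used as a prefix
  "https://facebook.com@page-review.example/login", // real name in the user part
  "https://notfacebook.com/",                       // real name as a suffix only
  "https://f\u0430cebook.com/",                     // Cyrillic "a" lookalike
];
for (const s of SAMPLES) {
  const r = checkLink(s);
  console.log((r.ok ? "OK   " : "BLOCK") + " " + s + " (" + r.reason + ")");
}
```

Only the first sample passes; the other four are rejected even though each one displays "facebook.com" somewhere in the link.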
I hope this post helps you. If you know a person who can benefit from this information, send them a link to this post. If you want to get notified about new posts, follow me on YouTube, Twitter (X), LinkedIn, Facebook, Telegram and GitHub.