Facebook Messenger
(Getty)
  • South Africa was one of the territories targeted in a huge theft of Facebook Messenger login credentials, say security researchers.
  • Thousands of posts, disguised as Facebook communications, offered an update to Facebook Messenger, while in reality stealing login credentials.
  • Users were offered the ability to see deleted messages as enticement, or threatened with losing access to the service.
  • The scammers spent money to boost Facebook posts, to reach as many people as possible.
  • It is not known to what extent they succeeded in South Africa. 
  • For more stories go to www.BusinessInsider.co.za.

South Africans were among those targeted in a huge scam to steal login credentials for Facebook Messenger, security researchers said on Tuesday.

The Singapore-based Group-IB fraud detection firm said it had detected fake posts linked to the operation in at least 84 countries, with thousands of posts linking to various phishing sites used to harvest passwords from those who fell for it.

Though Group-IB detected the attempts at stealing passwords, and can estimate the scale of scam, it is not known to what extent it may have succeeded, or how many South Africans had their accounts compromised.

Scammers registered Facebook accounts that appeared to be official, said Group-IB, using misspellings such as "Masssengar" or "Meseenger". These accounts created posts urging users to update their software.

Facebook Messenger fake ad
(Group-IB)

In at least some cases, the posts were boosted using Facebook's advertising system.

Some posts tried to entice users with fake new functions of the supposedly updated Facebook Messenger, such as the ability to see deleted messages. Others threatened users with losing access to Facebook Messenger if they failed to update.

Those who clicked through on the links provided were presented with fake login pages asking for a username (email address or telephone number) and password. Though the pages displayed the Facebook Messenger logo, weary users may have noticed that they were not on Facebook.com or a related domain, but via services such as sites.google.com or blogspot.com, which offer free website hosting.

The motive for the scam is not known, but there are several uses to which harvested details could be put, said Group-IB, with options including demanding a ransom to restore access to the account for the legitimate user, or distributing more scam ads using the hijacked accounts.

The selection of countries where the scam was pushed does not seem particularly meaningful, Group-IB told Business Insider South Africa.

"The scope of the campaign corresponds to the audience of Facebook Messenger, which is scattered around the globe. Group-IB [Digital Risk Protection] analysts assume that scammers attempted to launch their fraudulent campaign in as many countries as possible and then tuned it according to the response they got."

(Compiled by Phillip de Wet)

Receive a daily news update on your cellphone. Or get the best of our site emailed to you

Go to the Business Insider front page for more stories.