Cheats are currently using Facebook to steal your money and convert them directly into Bitcoin.
Polish cheats are allegedly running a complicated scam including the hack profile on Facebook. Immediately after the hack, they plunder bank accounts and quickly transfer stolen funds to Bitcoin anonymous wallets.
BadCyber was discovered by an independent security team. What is particularly interesting is how complex and persistent the scammers' plan is.
Hackers initially use well-known techniques maliciousυ λογισμικού και ηλεκτρονικού “ψαρέματος” (phishing), για να υποκλέψουν τα διαπιστευτήρια σύνδεσης και να αποκτήσουν πρόσβαση σε λογαριασμούς του Facebook. Μόλις παραβιαστεί ένας λογαριασμός, οι επιτιθέμενοι αρχίζουν να επιθεωρούν το record user's conversations and target people the victim communicates with, as if they were the real users.
Από τον παραβιασμένο λογαριασμό οι επιτιθέμενοι αρχίζουν να ζητούν μικρά χρηματικά ποσά για να “συμπληρώσουν” ένα μεγάλο χρηματικό ποσό για κάποια ηλεκτρονική αγορά. Δεδομένου ότι η Πολωνία χρησιμοποιεί σε μεγάλο βαθμό υπηρεσίες διαμεσολάβησης πληρωμών που επιτρέπουν ηλεκτρονικές αγορές χωρίς πιστωτικές κάρτες, τα requests these are not unusual at all.
Once a contact has agreed to carry out the transaction, the attackers send a fake payment link that directs unsuspecting victims to carefully cloned websites of popular payment providers. There, the victim will be asked to complete the payment to enter a unique code he has received via SMS.
The attackers, in addition to intercepting the unique code, go ahead and allow the payment to be completed through the fake σελίδαs, except that, unbeknownst to the victim, they have characterized the transaction as a "trusted transfer."
The BadCyber Security Team says that after that it takes about 15 minutes to empty the bank account and transfer all stolen money to anonymous Bitcoin wallets.
It is unknown at this time what he will do after leaving the post, but researchers believe that "several attempts" were made overnight.
According to the security team, what makes the scam particularly unpleasant is that scammers exchange money directly to Bitcoin. The fact and the complexity of the attack makes it very difficult to locate the fraudsters.
"It starts with Facebook, then moves to rogue sites that record victims' movements using socks ports on zombie machines located in the same area where the victim lives," the researchers said.
“Professional teams only detections that have appropriate mechanisms in place can properly handle and detect these attacks.”
Don't think, turn on authentication right away two agents on Facebook now and be very careful if a friend like asks for help with a small online transaction.