
Facebook Messenger drives hijacking scam for e-commerce pages

Guardio report says 7% of all FB business pages are targets.

Nurphoto/Getty Images


Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

If Mr. Tony slides into your DMs, leave him on read.

In a recent blog post, cybersecurity tool company Guardio warned virtual storefronts about seemingly innocuous Facebook messages that include malware capable of hijacking the recipient’s account.

The Vietnam-based operation—seemingly perpetrated by a group of Telegram bots linked to an administrator called MrTonyName—has clocked a “staggering” success rate by blasting out messages that ask businesses to open a file, sometimes disguised as a product the sender wants to buy.

If opened, the file drops a malicious payload that burrows into the user’s browsers, hoovering up saved cookies and credentials and ultimately logging the legitimate user out, according to the report.

The effects can be devastating. According to Guardio, this scam is aimed at “luring business owners to click on the malicious attachment, ultimately giving away their entire Facebook operation, and getting locked out for good.”

The report notes that business-grade Facebook accounts are valuable targets for scammers, as they’re usually attached to financial information, advertising, trusted brands, and a large number of followers. There’s even a thriving black market for buying and selling control of these accounts on Telegram and elsewhere on the internet, Guardio reported.

Facebook didn’t immediately respond to IT Brew’s request for comment about its Messenger and account security practices, but the company previously recommended monitoring the admin panel for unauthorized changes to permissions after a 2018 account-hijacking wave.

The black market makes it lucrative for bad actors to cast a wide net for potential victims. Guardio estimates that the Mr. Tony scam hit at least 7% of all Facebook business accounts with the phishing messages. Roughly 1 in 250 recipients actually follow the steps to download the malicious file, likely rendering “the final number of compromised accounts to be high and alarming,” the report said.

The campaign is just another example of the rampant “security loopholes in our modern browsers that hold easily decrypted passwords and still hold easily accessible cookies and security tokens,” per Guardio. The company recommended introducing additional security layers to thwart scammers who try to creep on your cookies while you browse the web.

Another way to avoid the hassle? Just get off Facebook.
