According to F-Secure researcher Fredric Vila, the attack was first noticed when an F-Secure employee received a Facebook Messenger message from a friend. Along with some text, it contained a shortened URL disguised as a link to a YouTube video. After several redirects through intermediate web pages, Android and iOS users landed on a page asking for their Facebook credentials.
The URLs used in the campaign look like hxxp://lnk[.]pics/19S3Y or hxxp://lnk[.]pics/18JDK (defanged here so they cannot be clicked by accident).
Analysis of the click data shows that the campaign spread first in Sweden (October 15), then Finland (October 17), and reached Germany by October 19. Users in these three countries account for around 80% of the roughly 200,000 clicks recorded during the campaign.
The phishing attack mainly targeted Android and iOS users, with the aim of harvesting their Facebook credentials and using the compromised accounts to reach more victims. During the roughly two weeks it ran, the attackers also monetised visitors on other platforms through ad fraud: instead of the phishing page, those users were redirected to an ad-affiliate URL.
Be wary of links you receive on Facebook or anywhere else on the web, especially shortened URLs that claim to lead to a video. If you think you entered your credentials on such a page, change your Facebook password immediately and log out any sessions you do not recognise. You should also enable two-factor authentication to add an extra layer of security to your Facebook account.