Facebook Typosquatting Campaign Harvests User Info

Security experts are warning Facebook users of a new typosquatting campaign abusing over 100 brands to elicit fraudulently obtained clicks and steal personal info.

DomainTools product management director, Tim Helming, first spotted the ad click campaign on the social network in the form of what appeared to be an easyJet boarding pass.

The message encourages users to click through to receive two free tickets from the airline as part of a ‘22nd anniversary special’ offer it is running.

However, clicking through leads them to a website requesting further personal information.

“This is what is known as a typo-squatting ad click generation campaign. The website that the victim is redirected to asks for personal information; and in some cases, they ask you to connect to your profile on Facebook or other social media websites,” explained Helming.

“These stolen credentials can be resold or traded on underground forums and sites. Also, these scams can be further weaponized to drop ransomware or other more advanced styles of malware if the attackers so choose. The ease of further weaponizing a simple campaign like this is concerning in and of itself.”

On further inspection, Helming discovered the same threat actor is behind scams connected to 113 separate ‘fake’ domains designed to resemble those of well-known brands.

These include britishairways-com[.]us, ryanair-freepass[.]us, pizza-huts[.]us, and tesco-uk[.]us.

Helming urged users to stay alert to possible scams like this, by looking for typos in the website, coupon or link that is directing them.

Hovering over a suspect URL will also help the user to work out if it is legitimate or not by showing where it will take them.

“Watch out for domains that have COM-[text] in them,” he added. “We're so accustomed to seeing ‘.com’ that we can easily overlook the extra text that's appended to it with a dash.”

Finally, it’s a good idea to remember that if an online deal looks too good to be true, it usually is, Helming warned.

What’s Hot on Infosecurity Magazine?