Facebook has often been a favorite hunting ground for cybercriminals who delight in preying on the naive members of the internet community. While addressing a very prevalent fraud known as "Is that you?" cybernews has conducted research. It's a type of video phishing scam in which the attacker delivers a link to a fictitious video in which the victim appears. When you click, the trouble begins as soon as you enter some personal information and log in.
Researchers were recently rewarded for such diligence when they received a warning from fellow cyber investigator Aidan Raney – who originally contacted them after the original results were released – that malicious links were being sent to users. Upon further investigation, it was discovered that thousands of these phishing links had been circulated via a devious network spanning the social media platform's back channels. If left unchecked, hundreds of thousands of naive social network users might fall prey to the shady connections - the "Is That You?" scam was said to have ensnared half a million victims before researchers discovered it.
Raney explained, "I worked out what servers did what, where code was hosted, and how I might identify additional servers." "I then used this information, as well as urlscan.io, to seek for more phishing sites with similar features to this one."
A thorough examination of the servers linked to the phishing links revealed a page that was transmitting credentials to devsbrp. app. A banner believed to be attached to a control panel was discovered with the wording "panelfps by braunnypr" printed on it. A second search using keywords led the study team right to the panel and banner designer, whose email address and password variations were also identified – neatly turning the tables on fraudsters who prey on unwary web users' credentials.
Cybernews accessed a website which proved to be the command and control hub for most of the phishing assaults linked to the gang, known to include at least 5 threat actors but could have plenty more, using the threat actor's personal details. This gave our brave investigators a wealth of information about the culprits of the Facebook phishing scam, including the likely country of residence – the Dominican Republic.
"We were able to distribute the user list for everyone who has signed up for this panel," the Cybernews researcher explained. "We started unearthing the identities with as many people on the list as we could using the usernames on the list, but there is still more work to be done."
Researchers provided the appropriate information to the Dominican Republic's Cyber Emergency Response Team (CERT) at the time, as evidence suggested that the campaign had started there as well.
![](https://pinterest.com/pin/create/bookmarklet/?media=https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgh3OcToc0o02QEC3ZiuMROP-jA0Q3CCcCjuY617yjJ_XKi7WHpS1XHcpXmjXV9gkONlJOlybJXbh5yOPZCoG6uv6JARpZkk9KzWCclFVFZu-K-y998Tr6R24YU3pcCTBaOniopmscEiN6cCxEGz3mCvRaxjfZZEyfJ2IpjmYRT80lZ7JdnwCVW5H3kSw/s600/pexels-luca-sammarco-6162932.jpg&url=https://www.cysecurity.news/2022/05/facebook-is-that-you-500000-people-were.html&description=Facebook :"Is that you?" 500,000 People Were Victims of this Phishing Scam){kind=link}