SINGAPORE - Scammers are targeting Singaporeans by promoting an allegedly upgraded version of Facebook Messenger that redirects victims to scam sites that steal their data.
And it appears they were promoting the scam with ads on Facebook itself.
International cyber-security company Group-IB has flagged the scam campaign, which involves about 1,000 fake Facebook profiles targeting users in more than 80 countries, including Singapore, Indonesia and Thailand.
It found that the fraudsters created these fake accounts with names mimicking the real Facebook Messenger and that they were using the official Messenger logo as their profile photo.
Using these accounts, which bore names like "Massanger", the fraudsters made posts touting an "upgraded" version of Facebook Messenger with purported features such as being able to see who has visited one's profile, seeing deleted messages, and upgrades to "Gold Messenger".
The posts included links that users were directed to click on to "upgrade", but which actually led them to scam sites that look like official Facebook login pages.
To bypass Facebook's scam filters, the links in the posts by the fraudsters had been shortened with the help of legitimate services such as linktr.ee and bit.ly.
The posts were also promoted via paid advertisement campaigns on Facebook.
Once redirected to the scam sites, users are tricked into entering their login data, giving scammers access to their accounts.
In some instances, some users were allegedly tricked to "upgrade" with threats from scammers that if they did not do so, their accounts would be permanently banned on the platform.
A Facebook spokesman said it was investigating the matter.
She said: "We have a zero-tolerance policy to scams on our services and take immediate action to remove illegal activity as quickly as possible, and strongly encourage users to report any suspicious activity.
"All apps in the Facebook family use the most sophisticated security software available, and we continue to make significant investments in advanced detection technology to keep our users safe."
Group-IB found that at least 13 such fake sites with Facebook login forms were targeted specifically at users in Singapore.
Using publicly available engagement metrics, it also found that about 2,000 unique users were visiting these 13 sites daily.
There have been more than 5,700 such scam posts on Facebook relating to Facebook Messenger updates this month.
It is not known how many users have fallen victim and entered their data upon being redirected to these scam sites.
But according to Group-IB, scammers could use the compromised accounts to either blackmail the victims, pushing them to pay a ransom to have access to their accounts restored, or further scale up the scheme using the stolen Facebook profiles to distribute more scam ads.
Mr Ilia Rozhnov, the head of Group-IB's digital risk protection department in the Asia-Pacific, told ST that scammers have taken advantage of the carelessness of users online.
"Living in the era of instant-everything, clicking on an attractive ad, proposal or headline has become a natural human reflex," he said.
"The Internet has made people abandon critical thinking."
He added: "It is up to brands (such as Facebook in this case) to set things straight in this endless stand-off by ensuring that their names are not used to trick unsuspecting customers into a scam."
Facebook had introduced a major update late last year with new features, including cross-app communication between Facebook and Instagram, and a vanish mode.
It said in the roll-out of the update then that Messenger users did not need to take action to gain access to these new features, as they would become available automatically.
Social media users are advised to be cautious when clicking on links that lead to external sites, and should never enter personal data on third-party sites even if they have logos of well-known brands, said Group-IB.
In an advisory on the Cyber Security Agency of Singapore website, the Singapore Computer Emergency Response Team advised users to pay attention to any misspelling of letters in the links of the websites they were browsing.