Experts warn of Facebook Messenger 'upgrade' scam

Scammers are targeting Singaporeans by promoting an allegedly upgraded version of Facebook Messenger, which redirects victims to scam sites that steal their data.

And it appears they are promoting the scam with advertisements on Facebook itself.

International cyber-security company Group-IB flagged the scam campaign, which involves about 1,000 fake Facebook profiles targeting users in more than 80 countries, including Singapore, Indonesia and Thailand. It found the fraudsters created these fake accounts with names mimicking the real Facebook Messenger, and were using the official Messenger logo as their profile photo.

Using these accounts, which bore names like "Massanger", the fraudsters made posts touting an "upgraded" version of Facebook Messenger with purported features such as being able to see who has visited one's profile and upgrades to "Gold Messenger".

The posts included links users were directed to click on to "upgrade", but which led them to scam sites that looked like official Facebook log-in pages.

To bypass Facebook's scam filters, the links were shortened with the help of legitimate services such as linktr.ee and bit.ly. The posts were also promoted via paid ad campaigns on Facebook.

Once redirected to the scam sites, users were tricked into inputting their log-in data, giving scammers access to their accounts.

Some users were allegedly tricked into "upgrading" with threats from the scammers that if they did not do so, their accounts would be permanently banned on the platform.

A Facebook spokesman said it was investigating the matter.

She said: "We have a zero-tolerance policy to scams on our services and take immediate action to remove illegal activity as quickly as possible, and strongly encourage users to report any suspicious activity.

"All apps in the Facebook family use the most sophisticated security software available, and we continue to make significant investments in advanced detection technology to keep our users safe."

Mr Ilia Rozhnov, head of Group-IB's digital risk protection department in the Asia-Pacific, said: "Living in the era of instant everything, clicking on an attractive ad, proposal or headline has become a natural human reflex. The Internet has made people abandon critical thinking."

In an advisory on the Cyber Security Agency of Singapore website, the Singapore Computer Emergency Response Team advised users to pay attention to any misspelling of letters in the links of the websites they are browsing.

A version of this article appeared in the print edition of The Straits Times on April 21, 2021, with the headline 'Experts warn of Facebook Messenger 'upgrade' scam'. Subscribe