Global Facebook phishing attack uncovered

Phishing attack claims 10,000 victims in only two days

06 July 2016


A malware campaign has reportedly infected 10,000 Facebook users around the world in just 48 hours, which works out at roughly one new victim every 20 seconds.

The attack, uncovered by a Kaspersky Lab security expert, started after many thousands of people received a message from a friend claiming to have mentioned them on Facebook.

Compromised devices were then used to hijack Facebook accounts in order to spread the infection through the victim’s own Facebook friends, and to enable other malicious activity.

Facebook says it has now mitigated the threat and is blocking techniques used to spread malware from infected computers.

Online scams are becoming increasingly advanced - to protect yourself, use our guide to identify and avoid online scams.

How does the phishing attack work?

Between 24 and 27 June, thousands of unsuspecting people received a message from a Facebook friend saying they’d mentioned them in a comment.

The message had, in fact, been sent by the attackers, and clicking it unleashed a two-stage attack.

  1. The first stage downloaded malware onto the user's computer, which installed, among other things, a malicious Chrome browser extension.
  2. That extension enabled the second, more sophisticated stage: the next time the victim logged into Facebook through the compromised browser, the extension could operate inside the logged-in session and take over the account.

A successful attack gave those responsible the ability to change your privacy settings, extract data and spread the infection through to your Facebook friends.

In some cases it could also lead to other malicious activity such as spam, identity theft and generating fraudulent ‘likes’ and ‘shares’.

What if my computer is infected?

Facebook now has around 1.65 billion users worldwide, with Kaspersky reporting that the majority of the 10,000 people targeted are in South America, Europe, Tunisia and Israel.

People who access Facebook from Windows computers are the most likely to have been exposed, and there could also be some risk to those using Windows Phone devices.

If you're worried that you may have been infected, run an antivirus scan on your computer, or open Chrome's extensions page (type chrome://extensions into the address bar) and look for extensions you don't recognise or don't remember installing. Google says it has removed at least one of the culprit extensions from the Chrome Web Store.

If you find an unexpected extension, log out of your Facebook account, close the browser and disconnect the computer from the network (unplug the network cable or switch off Wi-Fi). Then run a full antivirus scan or seek the help of a professional. Once the machine is clean, change your Facebook password from a device you trust, since an attacker who controlled the browser may have had access to your account.
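The "look for unexpected extensions" step above can also be done from the command line rather than by eye. The script below is an added example and is not code from the original article or from Kaspersky, Facebook or Google. It walks Chrome's real on-disk profile layout (Extensions/<extension-id>/<version>/manifest.json under the profile folder) and flags any extension whose manifest asks for host access to facebook.com or for permissions such as cookies, webRequest or tabs that an account-hijacking extension would need. The risky-permission list, the optional allowlist, the extension IDs and the two sample extensions it writes into a temporary profile are all constructed for the demo.

```python
"""Enumerate installed Chrome extensions and flag ones that could hijack a Facebook session.

Added example, not code from the original article or from Kaspersky, Facebook or Google.
Walks the real Chrome layout  <profile>/Extensions/<extension-id>/<version>/manifest.json
and reports extensions requesting facebook.com host access or session-hijack-grade permissions.
The permission list, allowlist and demo extensions below are constructed for this demo.
"""
import json
import sys
import tempfile
from pathlib import Path

# Assumption: the permissions a session-hijacking extension would plausibly request.
RISKY_PERMISSIONS = {"cookies", "webRequest", "webRequestBlocking", "tabs", "<all_urls>"}
# Hosts an attacker targeting Facebook accounts would want access to.
FACEBOOK_HOSTS = ("facebook.com", "fb.com", "messenger.com")


def load_manifests(profile_dir):
    """Yield (extension_id, version_dir_name, manifest) for every extension in the profile."""
    ext_root = Path(profile_dir) / "Extensions"
    if not ext_root.is_dir():
        return
    for ext_dir in sorted(ext_root.iterdir()):
        if not ext_dir.is_dir():
            continue
        for ver_dir in sorted(ext_dir.iterdir()):
            manifest = ver_dir / "manifest.json"
            if manifest.is_file():
                with open(manifest, encoding="utf-8") as f:
                    yield ext_dir.name, ver_dir.name, json.load(f)


def touches_facebook(pattern):
    """True if a Chrome match pattern (e.g. '*://*.facebook.com/*') covers a Facebook host."""
    if pattern == "<all_urls>":
        return True
    host = pattern.split("://", 1)[-1].split("/", 1)[0]   # '*.facebook.com'
    if host == "*":
        return True
    return any(host == h or host == "*." + h or host.endswith("." + h) for h in FACEBOOK_HOSTS)


def assess(manifest):
    """Return the set of reasons an extension looks risky; an empty set means nothing stood out."""
    perms = list(manifest.get("permissions", [])) + list(manifest.get("host_permissions", []))
    reasons = set()
    for p in perms:
        if not isinstance(p, str):
            continue
        if p in RISKY_PERMISSIONS:
            reasons.add("permission:" + p)
        if ("://" in p or p == "<all_urls>") and touches_facebook(p):
            reasons.add("host:" + p)
    return reasons


def scan(profile_dir, allowlist=frozenset()):
    """Return [(id, version, name, status, reasons)]; status is 'allowlisted', 'SUSPICIOUS' or 'ok'."""
    findings = []
    for ext_id, version, manifest in load_manifests(profile_dir):
        reasons = assess(manifest)
        if ext_id in allowlist:
            status = "allowlisted"
        elif reasons:
            status = "SUSPICIOUS"
        else:
            status = "ok"
        findings.append((ext_id, version, manifest.get("name", "?"), status, sorted(reasons)))
    return findings


def build_demo_profile():
    """Write a constructed profile (sample data, not a real infection) to a temp directory."""
    root = Path(tempfile.mkdtemp(prefix="chrome-demo-"))
    samples = {
        # Benign sample: only wants local storage. ID is made up (Chrome IDs are 32 chars a-p).
        "abcdefghijklmnopabcdefghijklmnop": {
            "manifest_version": 2, "name": "Sticky Notes (sample)", "version": "1.2",
            "permissions": ["storage"]},
        # Constructed stand-in for a hijacker: cookies plus request interception on facebook.com.
        "ponmlkjihgfedcbaponmlkjihgfedcba": {
            "manifest_version": 2, "name": "Mentions Helper (sample hijacker)", "version": "0.1",
            "permissions": ["cookies", "webRequest", "webRequestBlocking", "*://*.facebook.com/*"]},
    }
    for ext_id, manifest in samples.items():
        ver_dir = root / "Extensions" / ext_id / (manifest["version"] + "_0")  # Chrome names dirs '1.2_0'
        ver_dir.mkdir(parents=True)
        (ver_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    # Usage: python chrome_ext_audit.py <chrome-profile-dir>; with no argument it scans the demo profile.
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else build_demo_profile()
    for ext_id, version, name, status, reasons in scan(target):
        print(f"{status:11} {ext_id} {version:8} {name}  {' '.join(reasons)}")
```

Run it with your Chrome profile folder as the only argument (on Windows that is normally %LOCALAPPDATA%\Google\Chrome\User Data\Default); with no argument it scans the constructed demo profile. Treat the output as a shortlist to review rather than a verdict: a legitimate ad blocker or password manager can also ask for cookies and webRequest, which is why the allowlist argument exists.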

Safeguard us from scams

While there are sensible steps we can all take to protect ourselves, an unfair burden has been placed on the public. We’re urging the government to take the lead and ensure companies safeguard us all from scams. Sign our petition to force action on scams.
