Criminals use Facebook's grant for small businesses as bait to steal data

Updated: 01 October, 2020 10:07 IST | IANS | New Delhi

The trick the cybercriminals used was simple. Scammers presented the news as if Facebook was handing out money to all of the social network's users who had been affected by Covid-19.

Representational Image
Representational Image

Cybercriminals are using the news of Facebook's $100 million grant for small businesses as a bait to steal sensitive information from unsuspecting users, cybersecurity firm Kaspersky has warned.

After the pandemic hit economies around the world badly, Facebook in March announced its plan to offer $100 million in cash grants and ad credits to help small businesses during this challenging time.

However, just as the news was picked up by media outlets, malicious users started exploiting the bait, Kaspersky said in a blog post.

"Cybercriminals are always on the lookout to take advantage of the ongoing situation while playing with the user's psyche. The attack here is not directly made on any organisation but is yet successful in stealing important data that is voluntarily shared by the users due to lack of cyber awareness," Dipesh Kaura, General Manager, Kaspersky (South Asia), said in a statement.

"This method of targeting the users would have needed minimum or zero investment by the cybercriminal, while gaining a maximum amount of sensitive data that can then be sold on the dark web to earn huge money."

The trick the cybercriminals used was simple. Scammers presented the news as if Facebook was handing out money to all of the social network's users who had been affected by Covid-19.

Samples, detected by Kaspersky, indicate that potential victims viewed an article -- seemingly from a prominent media outlet -- claiming Facebook is giving grants to users hit by COVID-19, along with a link to apply for the grant.

The potential victims, having clicked on the 'news' link, were taken to another charity-related portal.

Its URL does not contain facebook.com, so it clearly has nothing to do with Facebook.

Nevertheless, to accept the application, the site requires a lot more information, supposedly to verify the account; such as the victim's address, social security number (for US citizens), and even a scan of both sides of a piece of ID.

When the form is submitted, the site displays a confirmation message that the application has been accepted.

While, of course, this results in no grants being given away, the collected information allows the scammers to gain access to their victims' Facebook accounts and this can be used in a variety of malicious ways.

For example, it can be used to trick a person's friends and ask them for money) or even to steal someone's identity.

"We urge users to be very careful while they are online and check the URLs of the sites you visit, paying attention to grammar on the web page. Installing a reliable security solution will also help consumers further in staying secure," Kaura said.

Keep scrolling to read more news

Catch up on all the latest Mumbai news, crime news, current affairs, and a complete guide from food to things to do and events across Mumbai. Also download the new mid-day Android and iOS apps to get latest updates.

Mid-Day is now on Telegram. Click here to join our channel (@middayinfomedialtd) and stay updated with the latest news

First Published: 01 October, 2020 10:00 IST

Sign up for all the latest news, top galleries and trending videos from Mid-day.com

Subscribe
loading image
This website uses cookie or similar technologies, to enhance your browsing experience and provide personalised recommendations. By continuing to use our website, you agree to our Privacy Policy and Cookie Policy. OK