Facebook Messenger is one of the most popular messaging platform in the world, amassing 988 million monthly active users as of January 2022 according to Statista. One important feature of this platform is Messenger’s bot. Within the current digital landscape, chatbots are widely used by companies and individuals to connect with their customers online, and almost immediately pops up when chatting with brands or businesses. This was shown in an earlier Trustwave SpiderLabs blog that detailed how chatbots are used in email phishing attacks.
From phishing and scam attempts, to bogus job offers, fraudsters are always coming up with new techniques to steal credentials or money. This time, TrustWave came across a phishing email that makes use of Meta’s Messenger chatbot feature.
Chatbots serve a huge purpose in digital marketing and live support, so it is no wonder that cyber attackers are now abusing this feature. People are not inclined to be suspicious of its contents, specially if it comes from a seemingly genuine source.
The fact that the spammers are leveraging the platform that they are mimicking makes this campaign a perfect social engineering technique.
Reference