Phishers Hook Facebook Users via SMS

Phishers Hook Facebook Users via SMS

Update, 01 Sept 2014: NUMBERCOP, one of our blog readers, has tipped us off in the comments section about this particular scam resurfacing once again with a new URL, which was created last August 31, 2014, a couple of days ago. The number of visitors to that link, as of this writing, seems to have been increasing.

Original post:

Report about an SMS

click to enlarge

If you happen to receive an SMS message from a potentially unknown recipient with the following text—

wtf f***** remove this pic from Facebook. http://bit[dot]do/fbnudephotos

—much like the fellow on the screenshot above, then you’ve been targeted by a phishing campaign.

The link is the shortened URL for a publicly available HTML page hosted on a Dropbox account. It looks like this:

The FB Phishing Page

click to enlarge

All links but one–the Get Facebook for iPhone and browse faster. link–lead to a 404 page. The aforementioned link leads to the actual iTunes app download page.

The full code of the page is actually hex encoded and executed by the unescape () function. Partial code looks like this once decoded by an online, free tool:

Encoded Hex Decoded

click to enlarge

Once users provide their Facebook credentials to the page, these are then posted to a .PHP page hosted on 193[dot]107[dot]17[dot]68, which we found out to be quite a popular location for hosting malware.

While this happens at the background, users are directed to the following screenshot which serves as humour, if not a “Gotcha!” after a successful con.

click to enlarge

Another thing of note is the URL at the bottom of the code:

The bitly URL

This is a shortened URL for  what we believe is a page that was once a diet scam page, judging from the actual URL string we have encountered before:

Supposed Fake

click to enlarge

We suspect that this URL is included to increase the click-through rate or visits to the page.

Individuals or groups with bad intent have been using SMS as a way to scam people, either for their money or for their information.

Senior Security Researcher Jérôme Segura have published a post entitled “SMS Scams: How To Defend Yourself” back in 2013, which I recommend you, dear Reader, to read as well. His thoughts on this kind of fraud remains relevant to this date.

Other related post/s:

Jovi Umawing


Jovi Umawing

Knows a bit about everything and a lot about several somethings. Writes about those somethings, usually in long-form.