Cybercriminals and online scammers have begun setting up fake Facebook Pages for banks and other financial institutions in an effort to steal user credentials and other personal information.
The security researcher in question decided to look for their financial institution’s support page on Facebook after receiving a SMS notification from their bank warning them about possible fraudulent activity on their credit card account.
During their search, the security researcher discovered two pages for their bank that looked almost exactly alike. However, one page had a verified badge and a completely filled out About section while the other was unverified with no company information on its profile.
Fake Facebook pages
The fake Facebook page discovered by Cyren surprisingly even has its own chatbot to greet customers before they begin a conversation with a customer support agent from the bank to make potential victims believe they’re actually interacting with their financial institution.
After clicking on either of the two chatbot options on the fake page, users receive an automatic response with the bank’s phone numbers followed by a question from a fake customer support agent. After a bit of back and forth, the agent eventually asked the security researcher if they were enrolled in the bank’s online banking service.
If a user does have an online banking account, the scammer will ask for their user ID along with the last four digits of their account. If not, the scammer asks that they send a picture of their credit card.
In order to avoid falling victim to this and other similar scams, Cyren recommends that users look for the Facebook verification badge on a company’s profile or page, check the number of likes a profile or page has as this can indicate if it was recently created and avoid providing any account information online. Banking customers experiencing issues with their accounts should instead call their bank directly through their customer service hotline.