Fraudsters find ways to adulterate most noble causes. Earlier this year, social media giant Facebook had announced a grant of $100 million for small businesses, according to the company’s official blog. However, Kaspersky analysis shows that just as the news was picked up by media outlets, malicious users started exploiting the bait. 

What are fraudsters are doing? 

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

Apparently, scamsters are using a very simple trick here. They presented the news as if Facebook was handing out money to all of the social network’s users who had been affected by COVID-19. According to analysts at Kaspersky, users viewed an article – which appeared to be from a prominent media outlet - claiming Facebook is giving grants to users hit by COVID-19, along with a link to apply for the grant. 

The potential victims, having clicked on the ‘news’ link, were taken to another charity-related portal. Its URL does not contain facebook.com, so it clearly has nothing to do with Facebook. Nevertheless, to accept the application, the site requires a lot more information, supposedly to verify the account; such as the victim’s address, social security number (for US citizens), and even a scan of both sides of a piece of ID.  

When the form is submitted, the site displays a confirmation message that the application has been accepted. 

While, of course, this results in no grants being given away, the collected information allows the scammers to gain access to their victims’ Facebook accounts and this can be used in a variety of malicious ways (for instance to  trick a person’s friends and ask them for money) or even to steal someone’s identity. 

How to stay safe? 

"Cybercriminals are always on the lookout  to take advantage of the ongoing situation while playing with the user's psyche. The attack here is not directly made on any organization but is yet successful in stealing important data that is voluntarily shared by the users due to lack of cyber awareness. This method of targeting the users would have needed minimum or zero investment by the cybercriminal, while gaining a maximum amount of sensitive data that can then be sold on the dark web to earn huge money. We urge users to be very careful while they are online and check the URLs of the sites you visit, paying attention to grammar on the web page. Installing a reliable security solution will also help consumers further in staying secure," said Dipesh Kaura, General Manager, Kaspersky (South Asia).