The latest social media hacks

Macrobius

Megaphoron
This morning, I noticed suspicious activity from the account of a 90-plus-year-old woman who happens to be the mother of a friend of mine and my eldest sister's from childhood. I do in fact correspond now and then with the grand old lady, but it was unusual for her to send me a friend request, then immediately start chatting on Messenger. The conversation was generic and suspicious, and I quickly determined it was a bot (this is getting harder though). But bots are simply not trained on the speech patterns of 90-year-old immigrants from Rhodes.

The idea of cloning FB sites with profile pics and then contacting 'friends' and doing a bit of social engineering is hardly new. What was novel in this morning's attack was that the link at the top of the chat to the profile, followed by 'view profile', did not go to a clone account as you might expect, but to the REAL ONE. This is only possible if there is actually an FB vuln, mixed with some impressive chatbot -- well, now probably just a 'student project' tier attempt, but ... enough. It can't be a simple account hack, because of the 'friend request' part which, if you are already a friend, should be automatic in a simple account compromise. And two simultaneous Messenger convos with 'the same account' shouldn't be possible either.

I contacted the lady's daughter and got a side-by-side screenshot of two convos, one with the daughter saying she's changing the password and the other attempting a variant of the 'Grandma, is that you?' scam. The daughter changed the password, will warn her mother, and contacted FB about the breach. It's not evident though, from just a pic and a complaint, how deeply this vuln in fact reached -- not just emulating an account, but having FB itself point you to the real one, while simultaneously having two convos on screen. Everything, Everywhere, All at Once.

Clearly, this is going to become more frequent, and while we are seeing cherry-picking of low-level fruit at the Nigerian Scammer tier here, it won't be long before it becomes a serious problem at scale.