---
title: "Cybercriminals are Duping Millions of Accounts in the Latest Facebook Phishing Campaign | Phish Protection"
description: "The talk of the town is the phishing campaign on Facebook that has reportedly duped millions into providing their login credentials to cybercriminals."
image: "https://phishprotection.com/og/blog/cybercriminals-are-duping-millions-of-accounts-in-the-latest-facebook-phishing-campaign.png"
canonical: "https://phishprotection.com/blog/cybercriminals-are-duping-millions-of-accounts-in-the-latest-facebook-phishing-campaign/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2022/06/anti-phishing-solutions-1235.jpg) 

The talk of the town is the phishing campaign on Facebook that has reportedly duped millions into providing their **login credentials** to cybercriminals. The Facebook phishing operation is the latest in a long line of [cybersecurity](/content/cybersecurity-in-a-nutshell) news that has shaken people worldwide.

Various phishing pages are circulating on Facebook Messenger, _tricking users into providing their login credentials to threat actors_. The compromised accounts are then used to send the phishing messages on to the accounts of friends and family, **farming more credentials** to compromise additional accounts.

These phishing pages are also full of online advertisements, helping the [threat actors](/phishing/threat-actors-target-western-digital-cripple-its-my-cloud-service) behind the attack **generate significant earnings** while also expanding the phishing attack surface.

### What is Happening During the Facebook Phishing Campaign?

Countless phishing links are circulating on Facebook Messenger. They redirect you to **fake web pages**, which become accessible only after you enter your login credentials into the fake Facebook login page that appears.

The number of phishing pages spreading through Facebook Messenger grew in proportion to the number of stolen Facebook accounts, _indicating the presence of automated tools_ that sent [phishing links](https://www.thenationalnews.com/uae/2023/01/05/uae-authority-warns-public-over-phishing-links-posing-as-major-courier-companies/) to the friends of each stolen account, leading to **widespread phishing** and further growth in stolen Facebook accounts.

Facebook, one of the world’s social media giants, has **adequate protection** and security measures to stop phishing links. Still, the cybercriminals behind the [phishing campaign](https://www.msspalert.com/cybersecurity-news/phishing-campaign-targeting-youtube-content-creators-malware-hitting-charging-stations/) have stayed a step ahead by employing **legitimate** URL (Uniform Resource Locator) services, including litch.me, amaze.co, and famous.co, which allow the phishing links to bypass Facebook’s security.


### Facebook Phishing Campaign in Detail

[PIXM Security](https://threatpost.com/acebook-messenger-scam/179977/) has uncovered abuse of Facebook Messenger on a **massive** scale. The attacks were frequent in 2022, but they started in September last year and included a fake Facebook login page.

Facebook’s security was unable to detect this **credential harvesting** phishing campaign because the cybercriminal keeps the phishing URLs from being blocked by using **authentic app deployment** services as the first link of the URL redirect chain.
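The redirect chain described above defeats checks that judge only the first link, so a defender has to judge the page where the chain ends. The following is an added example, not code from PIXM or from the original article; the brand domain set, the function names and the `.example` sample captures are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: registrable domains where the brand really hosts its sign-in form.
BRAND_LOGIN_DOMAINS = {"facebook.com", "messenger.com"}
BRAND_WORDS = ("facebook", "messenger")


class LandingPageScan(HTMLParser):
    """Notes a password field and collects page text (title included)."""

    def __init__(self):
        super().__init__()
        self.has_password_field = False
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.has_password_field = True

    def handle_data(self, data):
        self.text.append(data.lower())


def registrable(host):
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def assess_chain(chain):
    """chain: [(url, html), ...] in the order the browser followed the redirects."""
    first_host = urlsplit(chain[0][0]).hostname or ""
    final_url, final_html = chain[-1]
    scan = LandingPageScan()
    scan.feed(final_html)
    landing = registrable(urlsplit(final_url).hostname or "")
    branded = any(word in " ".join(scan.text) for word in BRAND_WORDS)
    return {
        "first_hop": registrable(first_host),
        "landing": landing,
        "hops": len(chain),
        # The verdict ignores the first hop's reputation on purpose.
        "credential_harvest_suspected": (
            scan.has_password_field and branded and landing not in BRAND_LOGIN_DOMAINS
        ),
    }


# Constructed sample captures (reserved .example hosts, not real indicators).
PHISH_CHAIN = [
    ("https://start.apps.example/p/x1", ""),
    ("https://hop.redirector.example/r?id=x1", ""),
    ("https://signin.landing.example/", "<title>Facebook - Log In</title>"
     "<form><input type='email'><input type='PASSWORD' name='pass'></form>"),
]
BENIGN_CHAIN = [("https://start.apps.example/portfolio", "<h1>My portfolio</h1>")]
GENUINE_CHAIN = [("https://www.facebook.com/login", "<title>Log in to Facebook</title>"
                  "<form><input type='password'></form>")]
```

Both the phishing and the benign chain start on the same hosting service, which is why the first hop alone cannot separate them.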

The campaign is not limited to fake Facebook login pages: users are also redirected to fake pages full of advertisements, online surveys, and more, which indicates that the cybercriminal behind the [Facebook phishing](https://www.hackread.com/facebook-phishing-scam-crooks-messenger-chatbots-data/) campaign is already earning millions.

On close inspection, PIXM found a reference to the original server where the **stolen login credentials** are hosted and a link to [traffic monitoring](https://www.a10networks.com/glossary/what-is-traffic-monitoring/#:~:text=Traffic%20monitoring%2C%20also%20known%20as,today%20require%20more%20advanced%20reporting.) tools where PIXM discovered other phishing pages. Furthermore, the views on the phishing pages used on Facebook revealed a significant spike from 2.7 million in 2021 to 8.5 million in 2022.

These Facebook phishing pages have over 400 unique identifiers, each with between 4000 and millions of views, with one reportedly having over 6 million. However, these discovered ones represent only a **small fraction** of the real number.

### Who is Behind the Facebook Phishing Attack?

[PIXM](https://www.businesswire.com/news/home/20220614005930/en/PIXM-and-Identity-Automation-Partner-to-Prevent-Phishing-Attacks-Targeting-K-12-and-Higher-Education) has also successfully identified the threat actor behind the Facebook phishing campaign, which is attributed to a certain “**Bendercrack.com**,” a website that was seized in January 2021 and is currently under investigation.

The threat actor was identified because many phishing pages shared a **common code snippet** that included the comment “Desarrollado por BenderCrack.com,” which is Spanish for “Powered by BenderCrack.com.”
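A shared comment like this one can be used to cluster captured pages from different hosts into a single campaign. The sketch below is an added example, not PIXM's tooling or code from the original article; the function names, the ignore list and the `.example` sample pages are assumptions, and only the comment text comes from the article.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlsplit


class CommentCollector(HTMLParser):
    """Collects the text of every HTML comment in a page."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data)


def normalize(comment):
    """Collapse whitespace and case so cosmetic edits do not split a cluster."""
    return " ".join(comment.split()).casefold()


def shared_comment_clusters(pages, ignore=(), min_hosts=2, min_len=12):
    """pages: iterable of (url, html). Returns {comment: [hosts]} for comments
    seen on at least min_hosts distinct hosts and not on the ignore list."""
    ignored = {normalize(c) for c in ignore}
    hosts_by_comment = defaultdict(set)
    for url, html in pages:
        collector = CommentCollector()
        collector.feed(html)
        host = urlsplit(url).hostname or ""
        for raw in collector.comments:
            text = normalize(raw)
            # Short markers and known third-party banners carry no attribution value.
            if len(text) >= min_len and text not in ignored:
                hosts_by_comment[text].add(host)
    return {c: sorted(h) for c, h in hosts_by_comment.items() if len(h) >= min_hosts}


# Constructed sample captures (reserved .example hosts, not real indicators).
SAMPLE_PAGES = [
    ("https://a.example/login", "<!-- Desarrollado por BenderCrack.com --><form></form>"),
    ("https://b.example/", "<!--desarrollado   por\nBENDERCRACK.COM-->"
                           "<!-- Google Tag Manager -->"),
    ("https://c.example/x", "<!-- Desarrollado por BenderCrack.com -->"),
    ("https://shop.example/", "<!-- Google Tag Manager --><!-- nav -->"),
]
CLUSTERS = shared_comment_clusters(SAMPLE_PAGES, ignore=["Google Tag Manager"])
```

Without the ignore list, widely used third-party banners would form clusters of unrelated sites, so attribution should rest only on strings that are rare outside the campaign.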

The BenderCrack website is not accessible, but its **archived copies** were examined by PIXM and revealed the threat actor’s email, ‘[rafaeldorado001@gmail.com](mailto:rafaeldorado001@gmail.com)’, which further revealed the threat actor is **based out of Colombia**. PIXM passed all its discoveries to INTERPOL and the Colombian Police. You can view the detailed [report here](https://pixmsecurity.com/blog/blog/phishing-tactics-how-a-threat-actor-stole-1m-credentials-in-4-months/).

### How to Keep Safe from the Facebook Phishing Campaign?

Facebook’s Phishing Campaign is still under investigation and ongoing, which means you are _bound to come across a phishing link_ that will harm you. However, by following some simple steps, you can easily avoid the Facebook Messenger phishing links.

_**Do Not Open Unknown Links:**_ Phishing is done via unknown links **redirecting** you to fake websites and pages designed to steal your information. If you encounter any unknown or unsolicited links in your [Facebook Messenger](https://cisomag.com/flaw-in-facebook-messenger/) inbox, you should refrain from tapping or clicking on them.

_**Do Not Provide Login Credentials:**_ A major part of the Facebook Phishing Campaign is using **genuine user accounts** to spread malicious phishing emails. Furthermore, one of your friends’ accounts could also be compromised, leading you to a fake page. If you find yourself on a fake page requiring you to sign in to Facebook again, you should avoid it altogether and **report the page**. You should also confirm with your friend or family member whether they actually sent the link.

_**Implement 2FA:**_ Facebook’s Two-Factor Authentication is an excellent way of securing your account and protecting it. Furthermore, [alerts about unrecognized Facebook logins](https://www.facebook.com/help/162968940433354?helpref=faq%5Fcontent) can also help strengthen Facebook account security by alerting you about **suspicious logins**.

Facebook Messenger also integrates with your carrier’s services, so you should also avoid unsolicited messages or links you receive as texts. You should also report strange emails and phishing messages to **[phish@fb.com](mailto:phish@fb.com)**.

![Anti phishing solutions](https://media.mailhop.org/phishprotection/images/2022/06/anti-phishing-solutions-1236.jpg) 

### Final Words

The Facebook Messenger phishing scam is just the latest in a long line of romance scams, **lottery scams**, [phishing emails](/content/protection-from-phishing/how-to-stop-phishing-emails), bogus jobs and giveaways, and shopping scams that have been observed on social media platforms.

While the latest phishing scam on Facebook is dangerous and can _result in losing access to your account_ and the compromised account being used for further **spreading phishing emails**, you can easily protect your account by following the above steps.

However, with [protection from phishing](/) becoming the centerpiece of attention everywhere, the Facebook Messenger phishing campaign has certainly raised questions about the **security that Facebook** and its applications offer.


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

