Have you ever felt a twinge of panic when a pop-up warns you about “outdated software”? Or a rush to act when you see an ad that screams, “Your account is at risk. Update Now!” This is the kind of trigger that cybercriminals try to exploit. A lot of times, it’s just a psychological game. And if you’re not careful enough, you might end up handing over personal information and sensitive data without even realising it.
A recent Bitwarden malvertising campaign on Facebook offers a textbook example of how scammers weaponise urgency. Bitwarden is a popular open-source password manager that is particularly known for its solid encryption practices.
The attackers ran convincing sponsored ads from a fake Bitwarden page on Facebook. The ads carried phrases like “Warning: Your Passwords Are at Risk!” or “Update now to ensure your passwords are secure.” Bitdefender’s investigation found that the scammers reached thousands of unsuspecting users by copying Bitwarden’s branding and manufacturing a sense of urgency.
The Psychology of Urgency
These scammers tap into two of our most basic instincts—fear and impulse. When they warn users of imminent threats like “outdated software risking password security,” they create a fight-or-flight moment, which often leads to action before reflection.
According to research, emotional states like anxiety or stress deplete mental resources. This often impairs decision-making, leading to increased susceptibility to scams. Scammers exploit this susceptibility when they craft urgent messages like the ones from the Bitwarden campaign. People are more likely to fall for scams when they are unable to evaluate deceptive prompts critically.
Anatomy of the Attack
To avoid these scams, you need to understand how they work. So here’s how the scheme unfolded:
- The Hook: Sponsored ads on Facebook warn of a security risk. In this case, users are told their passwords could be compromised and rush to act.
- The Redirect: Clicking the ad, which appears to offer the fix, sends the user through a chain of intermediate links before the real destination is reached.
- The Deception: The chain ends on a fake Chrome Web Store page that looks convincingly real. Instead of the one-click install the real store offers, the user is told to download a ZIP file and sideload the extension by hand, which in Chrome means enabling Developer mode and loading the unpacked folder, a step a genuine store listing never requires.
- The Payload: Once installed, the extension runs with whatever permissions its manifest declares. It can harvest session cookies, geolocation, IP addresses, account details and passwords and send them to the attacker.
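A sideloaded extension arrives as a folder or ZIP with a manifest.json that declares up front what the code is allowed to do, so the permissions are the first thing worth reading before clicking “Load unpacked”. The script below is an added example written for this post, not code from Bitdefender, Bitwarden or the campaign itself: it opens a ZIP, finds the manifest and flags the permissions and host patterns that would allow the cookie, location and credential harvesting described above. The risky-permission list and the constructed sample manifest are the example’s own assumptions about what such a payload would have to request, not the real campaign’s artefact.

```python
import io
import json
import zipfile

# Capabilities that would let an extension do what the payload above does.
# This selection is the example's own, not a vendor or Google list.
RISKY_PERMISSIONS = {
    "cookies": "read/write cookies for every host it can reach (session theft)",
    "geolocation": "query the device location",
    "tabs": "read URLs and titles of every open tab",
    "webRequest": "observe every request the browser makes",
    "history": "read browsing history",
    "clipboardRead": "read the clipboard (password managers copy secrets there)",
    "management": "enumerate, enable and disable other extensions",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Extensions installed from the real store update from this URL prefix.
STORE_UPDATE_PREFIX = "https://clients2.google.com/service/update2/crx"


def triage_manifest(manifest: dict) -> list[str]:
    """Return human-readable findings for a Chrome extension manifest."""
    findings = []
    perms = set(manifest.get("permissions", []))
    # MV2 mixes host patterns into "permissions"; MV3 uses "host_permissions".
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}
    for p in sorted(perms & RISKY_PERMISSIONS.keys()):
        findings.append(f"permission '{p}': {RISKY_PERMISSIONS[p]}")
    if hosts & BROAD_HOSTS:
        findings.append("host access to every site: " + ", ".join(sorted(hosts & BROAD_HOSTS)))
    # A content script injected into every page can read the DOM, forms included.
    for cs in manifest.get("content_scripts", []):
        if set(cs.get("matches", [])) & BROAD_HOSTS:
            findings.append("content script injected into every page: " + ", ".join(cs["matches"]))
    update_url = manifest.get("update_url")
    if update_url and not update_url.startswith(STORE_UPDATE_PREFIX):
        findings.append(f"updates fetched from outside the store: {update_url}")
    return findings


def triage_zip(zip_bytes: bytes) -> list[str]:
    """Locate manifest.json inside a ZIP (possibly under one top-level folder) and triage it."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        candidates = [n for n in zf.namelist() if n.endswith("manifest.json") and n.count("/") <= 1]
        if not candidates:
            return ["no manifest.json found: this ZIP is not a loadable extension"]
        manifest = json.loads(zf.read(sorted(candidates, key=len)[0]))
    return triage_manifest(manifest)


def build_sample_zip() -> bytes:
    """Constructed sample: an in-memory ZIP whose manifest is shaped like a stealer.
    Illustrative data only, not the real campaign's file."""
    manifest = {
        "manifest_version": 3,
        "name": "Bitwarden Security Update",
        "version": "2.0",
        "permissions": ["cookies", "tabs", "geolocation", "storage"],
        "host_permissions": ["<all_urls>"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}],
        "background": {"service_worker": "bg.js"},
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("update/manifest.json", json.dumps(manifest))
        zf.writestr("update/bg.js", "// constructed placeholder\n")
        zf.writestr("update/content.js", "// constructed placeholder\n")
    return buf.getvalue()


if __name__ == "__main__":
    for line in triage_zip(build_sample_zip()):
        print("-", line)
```

Run it against any extension ZIP you have been asked to sideload; a genuine password-manager extension will need some of these permissions, so the point is not that any finding equals malware, but that a ZIP handed to you by an ad, asking for cookies on every site plus geolocation, is a combination the real store listing would let you compare against before installing.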
How to Spot These Scams?
We’re not going to lie: detecting these scams is getting harder, and there are already reports of AI being used to produce them, which will make it harder still. Even so, here are four ways you can spot them.
- Watch for red flags in language: Words and phrases like “urgent,” “immediate action required,” or “security warning” are often used to create panic.
- Inspect the links: Hover over a link to see where it actually goes before clicking. Ad links often pass through a tracking redirect, so what matters is the final destination: it should be the vendor’s own domain, not a lookalike that merely contains the brand name. A legitimate update will not bounce you through several unrelated sites.
- Verify update requests: A Facebook ad has no way of knowing which version of any software you run, so an ad claiming your install is outdated is wrong by construction. Browser extensions update themselves through the browser’s store, and desktop apps notify you from inside the app. Only download or update software from the official app store or the vendor’s own website.
- Pause and think: Verify the claims before clicking on an ad. Scammers thrive on your impulse to act quickly.
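The “inspect the links” and “verify update requests” advice above comes down to one question: does the host you would actually connect to belong to the vendor? The script below is an added example written for this post, not code from Bitwarden or any vendor: it takes a link as it would appear in an ad, extracts the real host, and flags the common tricks a lure uses to look official (a brand name buried in someone else’s domain, a username before `@` that reads like a domain, punycode labels, plain http). The allowlist of official hosts, the brand words and the sample links are assumptions constructed for the example; the two-label “registrable domain” shortcut is a simplification that production code should replace with the Public Suffix List.

```python
from urllib.parse import urlsplit

# Hosts the advice above would send you to for Bitwarden and its Chrome extension.
# Assumed for this example; extend it for your own allowlist.
OFFICIAL_HOSTS = {"bitwarden.com", "chromewebstore.google.com"}
# Brand strings a lure is likely to embed somewhere in a lookalike host.
BRAND_WORDS = ("bitwarden", "chromewebstore", "google")


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Simplification for the example: real code
    should consult the Public Suffix List so that e.g. foo.co.uk is handled."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def is_official(host: str) -> bool:
    """True for an official host or any subdomain of one (e.g. vault.bitwarden.com)."""
    return any(host == o or host.endswith("." + o) for o in OFFICIAL_HOSTS)


def inspect_link(url: str) -> tuple[str, list[str]]:
    """Return ('ok' | 'suspicious', reasons) for a link seen in an ad or message."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    if not host:
        return "suspicious", ["no host could be parsed from the link"]
    if parts.scheme != "https":
        reasons.append(f"scheme is '{parts.scheme or 'missing'}', not https")
    if parts.username is not None:
        # https://bitwarden.com@evil.example/ connects to evil.example; the text
        # before '@' is user info, which browsers strip from what you see.
        reasons.append(f"text before '@' is a username, the real host is {host}")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode (xn--) label: host may be a homoglyph of a brand")
    if not is_official(host):
        owner = registrable_domain(host)
        if any(b in host for b in BRAND_WORDS):
            reasons.append(f"brand name appears in the host, but the site belongs to {owner}")
        else:
            reasons.append(f"{host} is not one of the official hosts")
    return ("ok" if not reasons else "suspicious", reasons)


# Constructed links in the style of the lures described above; none is a real
# URL from the campaign, and the .example domains are reserved for documentation.
SAMPLE_LINKS = [
    "https://bitwarden.com/download/",
    "https://chromewebstore.google.com/",
    "https://bitwarden.com.password-update.example/chrome",
    "https://bitwarden.com@secure-update.example/extension.zip",
    "http://xn--bitwrden-1jb.example/update",
    "https://cdn.getbitwarden-update.example/bw.zip",
]


def triage(urls: list[str]) -> dict[str, tuple[str, list[str]]]:
    return {u: inspect_link(u) for u in urls}


if __name__ == "__main__":
    for url, (verdict, reasons) in triage(SAMPLE_LINKS).items():
        print(f"{verdict:10} {url}")
        for r in reasons:
            print(f"           - {r}")
```

Note that a link can pass every one of these checks and still be a fake page hosted on a compromised official subdomain, so the verdict is a filter for the obvious lures, not proof of safety; the hover-and-read habit the list above recommends remains the last line of defence.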
Who’s Accountable for Cybersecurity?
While you must take care with your own data and take measures to safeguard it, platforms like Facebook and X also carry responsibility: they are supposed to vet advertisers rigorously. This Bitwarden incident is not an isolated event. Hundreds, if not thousands, of AI scams are advertised on Meta and X every day, and they are more visible now than ever. Better ad screening and proactive detection could have kept this fraud from reaching such a broad audience.