A new phishing campaign is targeting the administrators of company pages on Facebook, security researchers have warned.
As reported by ZDNet, Abnormal Security has identified emails delivered to Facebook users claiming that their account will be permanently closed if an issue is not rectified urgently.
The objective of the scam is to trick people into handing over their passwords and personal information, potentially with a view to hijacking the company pages they administrate.
Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 (opens in new tab). Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey (opens in new tab) to get the bookazine, worth $10.99/£10.99.
False sense of urgency
First, the victim receives an email addressed from “The Facebook Team”, which warns that they have repeatedly posted content that infringes on someone else’s copyright. Unless they appeal the claim immediately, their account will be closed, the victim is told.
The email carries two links: one that leads to a genuine Facebook post (probably to help bypass email protection services) and another that directs the victim to a website where they can “plead their case”.
This malicious page isn't host to any malware, but rather asks the victim to provide personal information, including their name, email address and Facebook password.
Commenting on the findings, Rachelle Chouinard, Threat Intelligence Analyst at Abnormal Security, explained that it’s the false sense of urgency that catches people out.
> Almost half a million users duped by Facebook phishing campaign (opens in new tab)
> That Facebook Messenger update could be a phishing scam (opens in new tab)
> Meta is suing cybercriminals over phishing scams on Facebook, WhatsApp, Messenger (opens in new tab)
"This is often enough to convince recipients to provide their personal information, particularly if they are using their Facebook account for business purposes,” said Chouinard.
Even though the attackers did their best to hide the fact that the emails weren’t coming from Facebook, there are a few red flags for those with an eye for detail. For example, the sender's address is not related to the Facebook domain in any way, and pressing “reply” brings up an unrelated Gmail address.
The researchers also said that legitimate companies will never use language designed to spark fear in the recipient.
Those who still aren’t sure if something’s wrong with their account, should rather log in by typing the address directly into the browser, rather than clicking on a link. If anything indeed is wrong with the account, there will be a notification waiting on the profile page.
- Prevent account hijacking with the best security keys around (opens in new tab)
Via ZDNet (opens in new tab)