Kaspersky, the Russian multinational cybersecurity firm, has uncovered a new phishing scheme in which cybercriminals target Facebook business accounts by abusing legitimate Facebook infrastructure to deliver deceptive notification emails that threaten account suspension.
These emails genuinely originate from Facebook, but carry attacker-controlled text such as “24 Hours Left to Request Review. See Why.” Clicking the link in the email takes the user to a genuine Facebook page displaying a similar warning; from there, the user is redirected to a phishing site dressed up with Meta branding, which tightens the pressure by cutting the supposed deadline from 24 to 12 hours. The phishing site first requests innocuous information, then escalates to sensitive data: the account’s email address, phone number and password.
Kaspersky’s investigation reveals how the attackers get Facebook to send these notifications for them. Using compromised Facebook accounts, they change the account name to the threatening message and set the profile picture to an exclamation mark, then publish posts that mention the targeted business accounts, which prompts Facebook to email each target a genuine notification about the mention. Because these messages are real Facebook notifications delivered through Facebook’s own infrastructure rather than spoofed email, they pass the sender checks that would normally catch a forged Facebook message and are all but guaranteed to reach their intended recipients.
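Because the email itself is authentic, sender-based checks (From domain, DKIM) will not flag this lure; what gives it away is the content of the mention and where the link in the post ultimately leads. The following triage script is an added example written for this article, not code from Kaspersky or Meta. It checks a notification email the way a mail-security team might: it confirms the sender and DKIM domain are Meta's (which, in this attack, they are), extracts the name of the "account" that mentioned you and tests it for warning-style wording, and unwraps Facebook's outbound link redirector (https://l.facebook.com/l.php?u=...) to see whether the real destination leaves Meta's domains. The sample email, the sample post text, and the phishing domain meta-business-review.example are constructed for the example; the urgency phrases are a short starter list, not an authoritative one.

```python
import re
from email import message_from_string, policy
from urllib.parse import parse_qs, unquote, urlparse

# Hosts that belong to Meta. Any unwrapped link pointing elsewhere is suspect.
META_DOMAINS = ("facebook.com", "facebookmail.com", "fb.com", "meta.com", "instagram.com")

# Phrases a genuine account name should never contain. The lure described in
# the article puts exactly this kind of text into the mentioning account's name.
# Starter list only; extend from your own samples.
URGENCY_PATTERNS = [
    r"\b\d+\s*hours?\s+left\b",
    r"\brequest\s+(a\s+)?review\b",
    r"\b(suspend|disabl|delet|restrict)\w*\b",
    r"\bfinal\s+(warning|notice)\b",
]

# Constructed sample: a genuine-looking "mentioned you" notification. Sender and
# DKIM are Facebook's; only the mentioning account's name is attacker-controlled.
SAMPLE_EMAIL = """\
From: Facebook <notification@facebookmail.com>
To: Example Business Page <owner@example.com>
Subject: "24 Hours Left to Request Review. See Why." mentioned you in a post
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=facebookmail.com; dkim=pass header.d=facebookmail.com
Content-Type: text/plain; charset="utf-8"

24 Hours Left to Request Review. See Why. mentioned you in a post.

See the post: https://www.facebook.com/permalink.php?story_fbid=000&id=000
Manage notifications: https://www.facebook.com/settings/notifications
"""

# Constructed sample: the text of the post behind that link, with the outbound
# link wrapped by Facebook's redirector and pointing at a phishing site.
SAMPLE_POST = (
    "24 Hours Left to Request Review. See Why.\n"
    "Your Page is scheduled for permanent suspension. Request a review here: "
    "https://l.facebook.com/l.php?u=https%3A%2F%2Fmeta-business-review.example%2Fappeal&h=AT0abc\n"
    "@ExampleBusinessPage"
)


def is_meta_host(host: str) -> bool:
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in META_DOMAINS)


def unwrap_facebook_redirect(url: str) -> str:
    """Return the real destination behind l.facebook.com/l.php?u=<encoded>,
    or the URL unchanged if it is not the redirector."""
    p = urlparse(url)
    if is_meta_host(p.netloc) and p.path == "/l.php":
        target = parse_qs(p.query).get("u")  # parse_qs already percent-decodes
        if target:
            return unquote(target[0])
    return url


def classify_links(text: str) -> list:
    """(original_url, final_destination, leaves_meta) for every link in text."""
    out = []
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        dest = unwrap_facebook_redirect(url)
        out.append((url, dest, not is_meta_host(urlparse(dest).netloc)))
    return out


def mentioner_name(text: str):
    """Pull '<name>' out of '<name> mentioned you ...' as Facebook phrases it."""
    m = re.search(r"^(.+?)\s+mentioned you\b", text, re.M)
    return m.group(1).strip().strip('"') if m else None


def urgency_hits(name: str) -> list:
    return [p for p in URGENCY_PATTERNS if re.search(p, name, re.I)]


def triage_notification(raw_email: str) -> list:
    """Return human-readable findings; an empty list means nothing looked off."""
    msg = message_from_string(raw_email, policy=policy.default)
    findings = []
    sender = re.search(r"@([\w.-]+)", msg.get("From", ""))
    if not sender or not is_meta_host(sender.group(1)):
        findings.append("sender is not a Meta domain")
    dkim = re.search(r"dkim=pass\s+header\.d=([\w.-]+)", msg.get("Authentication-Results", ""))
    if not dkim or not is_meta_host(dkim.group(1)):
        findings.append("no passing DKIM signature from a Meta domain")
    body = msg.get_content()
    name = mentioner_name(str(msg.get("Subject", "")) + "\n" + body)
    if name and urgency_hits(name):
        findings.append(f"mentioning account is named like a warning: {name!r}")
    for url, dest, leaves in classify_links(body):
        if leaves:
            findings.append(f"link leaves Meta: {url} -> {dest}")
    return findings


if __name__ == "__main__":
    for f in triage_notification(SAMPLE_EMAIL):
        print("email:", f)
    for url, dest, leaves in classify_links(SAMPLE_POST):
        print("post link:", dest, "(off-Meta)" if leaves else "(Meta)")
```

Run against the constructed sample, the email passes both the sender and DKIM checks and its own links stay on facebook.com, so the only email-level finding is the warning-style account name; the off-domain destination only appears once the post's redirector link is unwrapped. That matches the article's point: the authenticity of the notification is real, and the defence has to look at the content and at the final link target rather than at who sent the mail.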
Kaspersky has cautioned Facebook business account holders to be vigilant and to scrutinize any link before clicking it, especially in emails that request personal information or demand immediate action.
“Even notifications that appear legitimate and come from a trusted source such as Facebook can be deceptive. It’s crucial to carefully examine the links you are prompted to follow, especially when it involves entering data or making payments. This can make a significant difference in protecting your business accounts from phishing attacks,” advised Andrey Kovtun, a security expert at Kaspersky.