Don’t fall for this devious phishing scam, Facebook users warned

Cybercriminals are stealing people’s Facebook account credentials

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A new phishing campaign is targeting the administrators of company pages on Facebook, security researchers have warned.

As reported byZDNet, Abnormal Security has identified emails delivered to Facebook users claiming that their account will be permanently closed if an issue is not rectified urgently.

The objective of the scam is to trick people into handing over theirpasswordsand personal information, potentially with a view to hijacking the company pages they administrate.

Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at theend of this surveyto get the bookazine, worth $10.99/£10.99.

False sense of urgency

First, the victim receives an email addressed from “The Facebook Team”, which warns that they have repeatedly posted content that infringes on someone else’s copyright. Unless they appeal the claim immediately, their account will be closed, the victim is told.

The email carries two links: one that leads to a genuine Facebook post (probably to help bypassemailprotection services) and another that directs the victim to a website where they can “plead their case”.

This malicious page isn’t host to anymalware, but rather asks the victim to provide personal information, including their name, email address and Facebook password.

Commenting on the findings, Rachelle Chouinard, Threat Intelligence Analyst at Abnormal Security, explained that it’s the false sense of urgency that catches people out.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Almost half a million users duped by Facebook phishing campaign>That Facebook Messenger update could be a phishing scam>Meta is suing cybercriminals over phishing scams on Facebook, WhatsApp, Messenger

“This is often enough to convince recipients to provide their personal information, particularly if they are using their Facebook account for business purposes,” said Chouinard.

Even though the attackers did their best to hide the fact that the emails weren’t coming from Facebook, there are a few red flags for those with an eye for detail. For example, the sender’s address is not related to the Facebook domain in any way, and pressing “reply” brings up an unrelated Gmail address.

The researchers also said that legitimate companies will never use language designed to spark fear in the recipient.

Those who still aren’t sure if something’s wrong with their account, should rather log in by typing the address directly into thebrowser, rather than clicking on a link. If anything indeed is wrong with the account, there will be a notification waiting on the profile page.

ViaZDNet

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Nokia confirms data breach leaked third-party code, but its data is safe

Rising AI threats are making firms turn back to human intelligence

Black Friday is here: Sony XM5 over-ears drop to their lowest-seen price – act fast!