Kaspersky Exposes New Phishing Attacks Targeting Facebook Business Accounts

Kaspersky has discovered a new phishing scheme targeting Facebook business accounts, using legitimate Facebook infrastructure to send deceptive emails with threats of account suspension. Cybercriminals have devised a method to use authentic Facebook functions to send fake suspension warnings to business accounts. These emails, originating from Facebook, contain alarming messages such as “24 Hours Left to Request Review. See Why”.

Clicking the email link leads to a genuine Facebook page displaying a similar warning. From there, the user is redirected to a phishing site disguised with Meta branding, which shortens the stated time to resolve the issue from 24 to 12 hours. The phishing site initially asks for innocuous information, then requests the account’s email or phone number, and password.

The attackers utilize compromised Facebook accounts to send these notifications. They change the account name to a threatening message and the profile picture to an exclamation mark, after which they create posts mentioning the targeted business accounts. And because delivery is via the actual Facebook infrastructure, these notifications are guaranteed to reach their intended recipients.

“Even notifications that appear legitimate and come from a trusted source such as Facebook can be deceptive. It’s crucial to carefully examine the links you are prompted to follow, especially when it involves entering data or making payments. This can make a significant difference in protecting your business accounts from phishing attacks,” comments Andrey Kovtun, a security expert at Kaspersky.

Read more about this Facebook scam on Kaspersky Daily.

  • Avoid opening links you receive in suspicious email messages. If you need to sign in to your account with the organization, type in the address manually or use a bookmark.

  • To protect the company against a wide range of threats, use solutions from the Kaspersky Next product line that provide real-time protection, threat visibility, and the investigation and response capabilities of EDR and XDR for organizations of any size and industry. Depending on your current needs and available resources, you can choose the most relevant product tier and easily migrate to another one if your cybersecurity requirements change.

  • Invest in additional cybersecurity courses for your staff to keep them up to date with the latest knowledge. With practice-oriented Kaspersky Expert training, InfoSec professionals can advance their hard skills and defend their companies against sophisticated attacks. You can choose the most appropriate format and follow either self-guided online courses or trainer-led live courses.
