A new and sophisticated phishing campaign has emerged, targeting Facebook business accounts. This cyber attack involves phishing emails that impersonate the Facebook Ads Team, leveraging social engineering tactics to deceive recipients. The emails are crafted to create a sense of urgency, using subjects related to policy violations or account deletions. Despite their professional appearance, these emails contain grammatical errors and suspicious links, which, when hovered over, reveal malicious URLs.
Upon clicking the link, victims are directed to a fraudulent webpage designed to mimic Facebook’s account recovery process. This phishing site collects sensitive information such as email addresses, phone numbers, and potentially financial details. Furthermore, it requests two consecutive MFA codes, effectively bypassing multi-factor authentication and gaining full access to the account.
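The three indicators described above (a sender display name that claims to be the Facebook Ads Team while the address comes from an unrelated domain, an urgency-laden subject about policy violations or account deletion, and links whose visible text differs from the URL they actually point to) can be checked mechanically before a message reaches a user. The following script is an added example written for this page; it is not Cofense's tooling and not code from the original report. The two e-mail samples are constructed, the allowlist of Meta-owned sending domains is illustrative, and the urgency term list is a starting point rather than a complete one.

```python
"""Triage an e-mail for the Facebook-impersonation indicators described above."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative allowlist of domains Meta actually sends from (assumption: extend
# from your own mail logs, this is not an authoritative list).
LEGIT_DOMAINS = {"facebook.com", "facebookmail.com", "fb.com", "meta.com"}

# Subject phrases the campaign uses to create urgency.
URGENCY_TERMS = ("policy violation", "account deletion", "deleted", "suspended", "24 hours")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname of a URL, or '' if the string is not a URL (e.g. 'click here')."""
    return (urlparse(url.strip()).hostname or "").lower()


def registrable_domain(host):
    """Last two labels of a hostname (simplified: ignores multi-part TLDs such as co.uk)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def extract_links(html):
    parser = LinkCollector()
    parser.feed(html)
    return parser.links


def triage_email(msg):
    """Return the indicator kinds found and a verdict for one message dict."""
    indicators = []

    # 1. Display name claims Facebook/Meta but the address is from another domain.
    name = msg["from_name"].lower()
    sender_domain = registrable_domain(msg["from_addr"].rsplit("@", 1)[-1])
    if ("facebook" in name or "meta" in name) and sender_domain not in LEGIT_DOMAINS:
        indicators.append(("sender-brand-mismatch", sender_domain))

    # 2. Urgency language in the subject line.
    subject = msg["subject"].lower()
    hits = [t for t in URGENCY_TERMS if t in subject]
    if hits:
        indicators.append(("urgency-subject", ", ".join(hits)))

    # 3. Link text that shows a Facebook URL (or names Facebook) while the href
    #    points elsewhere: exactly what hovering over the link would reveal.
    for href, text in extract_links(msg["html"]):
        href_domain = registrable_domain(host_of(href))
        text_domain = registrable_domain(host_of(text))
        claims_facebook = "facebook" in text.lower()
        if (claims_facebook and href_domain not in LEGIT_DOMAINS) or (
            text_domain and text_domain != href_domain
        ):
            indicators.append(("link-text-mismatch", f"{text!r} -> {href_domain}"))

    kinds = {kind for kind, _ in indicators}
    verdict = "suspicious" if len(kinds) >= 2 else "clean"
    return {"indicators": indicators, "kinds": kinds, "verdict": verdict}


# Constructed samples (not real messages from the campaign).
PHISH_SAMPLE = {
    "from_name": "Facebook Ads Team",
    "from_addr": "ads-support@mail-notify.example",
    "subject": "Policy Violation: your ad account will be deleted in 24 hours",
    "html": '<p>Your account violated our advertising policies.</p>'
            '<a href="https://fb-recovery.example.net/verify">'
            'https://www.facebook.com/help/recovery</a>',
}
BENIGN_SAMPLE = {
    "from_name": "Facebook",
    "from_addr": "notification@facebookmail.com",
    "subject": "Your weekly page summary",
    "html": '<a href="https://www.facebook.com/pages">https://www.facebook.com/pages</a>',
}

if __name__ == "__main__":
    for sample in (PHISH_SAMPLE, BENIGN_SAMPLE):
        result = triage_email(sample)
        print(sample["subject"], "=>", result["verdict"], result["indicators"])
```

The verdict deliberately requires two independent indicator kinds, so a legitimate notification with a dramatic subject line is not flagged on wording alone; the link-text check is the one that best survives attackers cleaning up their grammar, because the display text has to look like Facebook for the lure to work while the href has to lead somewhere else.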
A Cofense analyst uncovered that the attackers use a range of tools and infrastructure to automate and optimize their phishing campaigns. These include text-to-CSV converters for manipulating the harvested data and a “Check Links” tool that verifies whether the phishing URLs are still live. The attackers’ infrastructure also involves translated redirects linked to services like Netlify and Microsoft email.
This phishing campaign underscores the importance of vigilance and robust security measures. Meta was the second-most impersonated brand in credential phishing attacks in Q1 2024, which highlights the need for businesses to educate their employees about such threats and to implement strong security protocols that protect their accounts from sophisticated attacks like this one.
Reference: