A recent phishing campaign targeting Facebook users has been spreading rapidly, aiming to steal login credentials by using fake copyright infringement notices. The campaign has been sent to over 12,000 email addresses, primarily affecting businesses across the EU, US, and Australia. The attackers are leveraging legitimate services like Salesforce to send out emails, making them appear more authentic. These emails are designed to look like official notifications from Facebook, claiming that the recipient’s account has been flagged for a violation of copyright laws under the Digital Millennium Copyright Act (DMCA). To increase the scam’s credibility, the emails often reference well-known companies like Universal Music Group as the complainant.
The phishing emails create a sense of urgency by warning recipients that they must appeal the claim within a short time frame to avoid permanent account restrictions. The messages include a link to contest the claim, which leads to a fake Facebook support page. This page closely mimics Facebook’s real interface and prompts users to enter their login credentials, which are then captured by the attackers. This tactic is particularly dangerous because it takes advantage of the trust that users have in Facebook’s official communications and the legitimacy of the services used to send the emails.
The attack is a significant threat for businesses that use Facebook for advertising, customer engagement, or as a storefront.
If a Facebook admin account is compromised, cybercriminals can gain control over the company’s Facebook page, allowing them to manipulate content, delete posts, or alter messaging. This can cause significant damage to the company’s reputation, leading to a loss of customer trust and even legal repercussions, especially for businesses in regulated industries like healthcare and finance. The widespread targeting of businesses and users across multiple languages, including English, Chinese, and Arabic, shows the broad scope of the attack.
To protect against such phishing attacks, organizations are advised to take several precautions. They should set up alerts for suspicious login attempts and unusual account activity. Additionally, employees should be educated about the risks of phishing emails and encouraged to verify account information directly on Facebook, rather than clicking on links within emails. Organizations should also inform their customers about the proper channels for business communications. Furthermore, having an incident response plan in place can help companies quickly recover compromised accounts and communicate with customers about the breach.
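The advice above (alert on suspicious activity, verify through Facebook rather than email links) can be backed by a simple mail-triage check that scores incoming messages on the traits this campaign combines: a sender claiming to be Facebook from a non-Facebook domain, copyright/DMCA wording, a short deadline, and a "contest the claim" link that points off-brand. The following is an added example written for this page, not code from the article or from any vendor it mentions; the two sample emails are constructed, the `.example`/`.invalid` domains are placeholders, and the allowlist of Facebook notification domains is an assumption you should confirm against your own mail records.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains your organization treats as legitimate for Facebook
# notifications and links. Verify against real messages before relying on it.
TRUSTED_FACEBOOK_DOMAINS = {"facebook.com", "facebookmail.com"}

COPYRIGHT_RE = re.compile(r"\b(DMCA|copyright|intellectual property)\b", re.I)
URGENCY_RE = re.compile(
    r"\b(within\s+\d+\s+(hours?|days?)|permanent(ly)?\s+restrict\w*|"
    r"appeal\s+(now|immediately))\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registered_domain(host):
    """Reduce 'mail.sub.example.com' to 'example.com' (naive two-label rule)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def is_trusted(host):
    return registered_domain(host) in TRUSTED_FACEBOOK_DOMAINS


def triage(raw_message):
    """Score one plain-text email and return indicators plus a verdict."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "")
    body = msg.get_payload()  # assumption: single-part text/plain body
    sender_domain = address.rsplit("@", 1)[-1] if "@" in address else ""

    indicators = []
    score = 0

    # 1. Brand impersonation: claims to be Facebook but is sent from elsewhere.
    claims_facebook = "facebook" in (display_name + " " + subject).lower()
    if claims_facebook and not is_trusted(sender_domain):
        indicators.append(f"facebook-brand-from-untrusted-sender:{sender_domain}")
        score += 2

    # 2. Copyright / DMCA lure used by this campaign.
    if COPYRIGHT_RE.search(body) or COPYRIGHT_RE.search(subject):
        indicators.append("copyright-lure")
        score += 1

    # 3. Artificial deadline to pressure the recipient.
    if URGENCY_RE.search(body):
        indicators.append("urgency-deadline")
        score += 1

    # 4. A Facebook-branded message whose links leave Facebook's domains.
    offsite = sorted({urlparse(u).hostname or "" for u in URL_RE.findall(body)
                      if not is_trusted(urlparse(u).hostname or "")})
    if claims_facebook and offsite:
        indicators.append("offsite-link:" + ",".join(offsite))
        score += 1

    verdict = "likely-phish" if score >= 3 else "suspicious" if score else "low"
    return {"score": score, "indicators": indicators, "verdict": verdict}


# Constructed sample resembling the campaign described above (placeholders only).
PHISHING_SAMPLE = """\
From: "Facebook Support" <notifications@mail.example-crm.invalid>
Subject: Copyright infringement notice - action required

Your page was reported for a DMCA violation by a rights holder.
You must appeal within 24 hours or your account will be permanently restricted.
Contest the claim here: https://support-appeal.example/case/8812
"""

# Constructed benign sample: trusted sender, on-brand link, no lure or deadline.
BENIGN_SAMPLE = """\
From: Facebook <notification@facebookmail.com>
Subject: Someone commented on your post

A new comment was left on your post.
View it here: https://www.facebook.com/
"""

if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, triage(sample))
```

Run it as a script to see both verdicts; in a mail gateway you would feed `triage` each message body and route anything scoring `likely-phish` to quarantine or to a security-team review queue, which is the "alert on suspicious activity" step the article recommends.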