Cybercriminals have refined their phishing tactics by using Facebook’s mechanisms to target business accounts. They now send deceptive notifications claiming that the business account will be blocked unless immediate action is taken. These emails, which seem urgent and are marked by a warning icon, urge recipients to follow a link to resolve the issue.
Once the victim clicks the link, they are directed to a page that mimics Facebook’s appearance but is actually a phishing site. This page further intimidates the user by shortening the timeframe to respond and requests personal and account details, including passwords. The attackers use the stolen credentials to hijack Facebook accounts and send out more phishing notifications to other businesses.
The phishing emails exploit the Facebook infrastructure to ensure that the notifications reach the intended recipients. These notifications are crafted to appear genuine and come from what seems like a verified Facebook account, making them more likely to be trusted and acted upon by the recipient.
To protect against such attacks, businesses should be cautious with urgent or alarming messages, especially those demanding immediate action or requesting sensitive information. Regularly updating security protocols and educating employees about phishing tactics can help in mitigating these risks.
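Because these notifications are delivered through Facebook itself, a check on the sender alone will pass them; the link destination is what gives them away. The following triage sketch is an added example, not part of the original report. It assumes a single-part plain-text message, and the sender address, the Authentication-Results header and the list of trusted domains are constructed assumptions to adapt to local policy.

```python
# Added example: triage a notification whose sender passes authentication.
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: hosts the organisation accepts as genuine Facebook destinations.
TRUSTED_SUFFIXES = ("facebook.com", "fb.com", "meta.com")
URGENCY = re.compile(r"\b(blocked|suspended|disabled|within \d+ hours?|immediately)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def host_is_trusted(host):
    """True only for an exact trusted domain or a real subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def triage(raw_email):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    auth = msg.get("Authentication-Results", "")
    reasons = []
    if "dkim=pass" in auth.lower():
        reasons.append("sender authenticated (not proof the content is safe)")
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname or ""
        if not host_is_trusted(host):
            reasons.append(f"link leaves trusted domains: {host}")
    if URGENCY.search(body):
        reasons.append("urgent account-block wording")
    # The verdict depends on where the links go, never on the sender check.
    suspicious = any(r.startswith("link leaves") for r in reasons)
    return ("quarantine" if suspicious else "deliver", reasons)


# Constructed sample: authentic sender, lookalike external link in the body.
SAMPLE = """\
From: Facebook <notification@facebookmail.com>
Authentication-Results: mx.example.test; dkim=pass header.d=facebookmail.com
Subject: Your page will be blocked

Your business account will be blocked within 24 hours.
Appeal here: https://facebook.com.appeal-center.example.test/review
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The suffix match requires a leading dot, so a host that merely starts with or contains "facebook.com" is still treated as external.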