Cyber ​​attackers target Facebook business accounts using Meta infrastructure and branding

A new phishing scheme is targeting business Facebook accounts, using legitimate Facebook infrastructure to send deceptive emails threatening account suspension.

A new phishing scheme targets business Facebook accounts

Cybercriminals have devised a method to use genuine Facebook features to send fake suspension warnings to business accounts. These emails, which come from Facebook, contain alarming messages such as “24 Hours Left to Request Review. See Why”.

Clicking on the link in the email takes you to an actual Facebook page that displays a similar warning. After that, the user is redirected to a phishing site disguised with Meta branding, reducing the time to resolve the problem from 24 to 12 hours. Finally, the phishing site initially asks for harmless information, followed by the account's email or phone number and password, Kaspersky experts say.

Attackers use compromised Facebook accounts to send these notifications. They change the account name to a threatening message and the profile picture to an exclamation point, then create posts mentioning the targeted business accounts. Given that the delivery is made through Facebook's current infrastructure, these notifications are guaranteed to reach the recipients.

• Do not click on links you receive in suspicious e-mail messages. If you need to connect to your business account, enter the address manually or use a bookmark.

• To protect your business against a wide range of threats, use solutions that provide real-time protection, threat visibility, investigation, and EDR and XDR response capabilities for organizations of any size and in any industry. Depending on your current needs and available resources, you can choose the most relevant product tier and easily migrate to another if your cybersecurity requirements change along the way.

• Invest in additional cyber security training for your staff to keep them up to date with the latest knowledge.