Kaspersky has discovered a new phishing scheme targeting Facebook business accounts, using legitimate Facebook infrastructure to send deceptive emails with threats of account suspension.

Cybercriminals have devised a method to use authentic Facebook functions to send fake suspension warnings to business accounts. These emails, originating from Facebook, contain alarming messages such as “24 Hours Left to Request Review. See Why”.

Clicking the email link leads to a genuine Facebook page displaying a similar warning. From there the user is redirected to a phishing site dressed in Meta branding, which shortens the stated deadline to resolve the issue from 24 to 12 hours. The phishing site first asks for innocuous information, then requests the account's email address or phone number together with its password.

The attackers utilise compromised Facebook accounts to send these notifications. They change the account name to a threatening message and the profile picture to an exclamation mark, after which they create posts mentioning the targeted business accounts. And because delivery is via the actual Facebook infrastructure, these notifications are guaranteed to reach their intended recipients.
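The defensive check suggested by this scheme is to trace where a notification link actually ends up rather than trusting that it starts on Facebook. The following added example (not Kaspersky's or Meta's code) walks an ordered redirect chain and reports the first hop that leaves Meta-owned domains; the allowlist and the sample chain are assumptions constructed for illustration, and the phishing host is a placeholder.

```python
from urllib.parse import urlparse

# Assumed allowlist of Meta-owned registrable domains (illustrative, not an official list).
META_DOMAINS = {"facebook.com", "fb.com", "meta.com"}


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname (adequate for .com domains;
    a production check would consult the Public Suffix List)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_meta_host(url: str) -> bool:
    """True only if the URL's host is a Meta-owned domain or a subdomain of one.
    Lookalikes such as 'facebook.com.example.net' and userinfo tricks such as
    'https://www.facebook.com@evil.example/' must not pass."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return False
    return registrable_domain(parsed.hostname) in META_DOMAINS


def first_offsite_hop(chain):
    """Given the ordered URLs a notification link passes through, return
    (index, url) of the first hop leaving Meta infrastructure, or None if
    every hop stays on Meta-owned domains."""
    for i, url in enumerate(chain):
        if not is_meta_host(url):
            return i, url
    return None


# Constructed sample chain mirroring the scheme described above: a genuine
# Facebook page, then a redirect to a Meta-branded phishing site (placeholder host).
SAMPLE_CHAIN = [
    "https://www.facebook.com/<compromised-account-post>",
    "https://business.facebook.com/<review-warning-page>",
    "https://meta-business-review.example/appeal?hours=12",
]

if __name__ == "__main__":
    hop = first_offsite_hop(SAMPLE_CHAIN)
    print("all hops stay on Meta domains" if hop is None
          else f"chain leaves Meta at hop {hop[0]}: {hop[1]}")
```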

“Even notifications that appear legitimate and come from a trusted source such as Facebook can be deceptive. It’s crucial to carefully examine the links you are prompted to follow, especially when it involves entering data or making payments. This can make a significant difference in protecting your business accounts from phishing attacks,” comments Andrey Kovtun, a security expert at Kaspersky.