In the case of a new Facebook-themed phishing attack, reported by Avanan researchers, attackers are leveraging Facebook copyright infringement notices, besides all above mentioned artifacts, to steal credentials.
Tricking with a sense of urgency
The phishing scam starts with a basic email from Facebook stating ‘your account has been suspended.’ The email looks convincing as it mentions the page’s name and creates a sense of urgency.
Hackers in this scam tell users that their account or activities on it doesn’t follow Community Standards. It adds that a photo uploaded to the account’s page has violated Facebook’s copyright infringement policy.
The email threatens to permanently disable the account if the user doesn’t appeal this suspension within 24 hours.
However, the link does not go to a Meta page, but rather to a credential-harvesting page.
Red flags
This email has a sender address that clearly does not come from the Meta team.
On hovering over the link, it can be seen it does not go to a Facebook-related page but leads to a credential-harvesting page.
Recent Facebook-inspired attacks
Last month, attackers were using Meta-Phish and social engineering tactics to steal PII, login credentials, and Facebook profile links by mimicking Facebook’s copyright appeal page.
In the same month, researchers uncovered an Android malware campaign, in which malicious apps masqueraded as reading and education apps to distribute the Schoolyard Bully trojan and attempted to steal Facebook account credentials.
Wrapping up
Social media platforms are hotbeds of cyberattacks and Facebook has been among the top targets with the most sophisticated tricks by adversaries. Users need to follow safety tips to nullify such phishing efforts.