Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Don't fall for this devious phishing scam, Facebook users warned

Image Description

A new phishing campaign is targeting the administrators of company pages on Facebook, security researchers have warned.

As reported by ZDNet, Abnormal Security has identified emails delivered to Facebook users claiming that their account will be permanently closed if an issue is not rectified urgently.

The objective of the scam is to trick people into handing over their passwords and personal information, potentially with a view to hijacking the company pages they administrate.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

False sense of urgency

First, the victim receives an email addressed from “The Facebook Team”, which warns that they have repeatedly posted content that infringes on someone else’s copyright. Unless they appeal the claim immediately, their account will be closed, the victim is told.

The email carries two links: one that leads to a genuine Facebook post (probably to help bypass email protection services) and another that directs the victim to a website where they can “plead their case”. 

This malicious page isn't host to any malware, but rather asks the victim to provide personal information, including their name, email address and Facebook password. 

Commenting on the findings, Rachelle Chouinard, Threat Intelligence Analyst at Abnormal Security, explained that it’s the false sense of urgency that catches people out.

"This is often enough to convince recipients to provide their personal information, particularly if they are using their Facebook account for business purposes,” said Chouinard.

Even though the attackers did their best to hide the fact that the emails weren’t coming from Facebook, there are a few red flags for those with an eye for detail. For example, the sender's address is not related to the Facebook domain in any way, and pressing “reply” brings up an unrelated Gmail address. 

The researchers also said that legitimate companies will never use language designed to spark fear in the recipient. 

Those who still aren’t sure if something’s wrong with their account, should rather log in by typing the address directly into the browser, rather than clicking on a link. If anything indeed is wrong with the account, there will be a notification waiting on the profile page.

Via ZDNet

Date

26 Apr 2022

Sources


Share


Other Blog

  • India's e-com festival season sale up by 65% this year at $8.3 billion

    India’s online festive sale for a month pulled in $8.3 billion in gross sales up by 65% from last year, according to a research report.

    Read More
  • Windows 11 blocks testers from using classic Windows 10 Start menu

    A workaround to revert to the traditional Start menu has been removed from the latest preview of Windows 11.

    Read More
  • What is PCI compliance? A Payment Card Industry Data Security Standard (PCI DSS) guide

    PCI compliance is a global standard of payment security which protects stored, processed and transmitted payment data.

    Read More
  • Valve Steam Console: everything we know about the SteamPal handheld

    Is Valve working on a handheld Steam Console? We’ve rounded up all the rumors surrounding Valve’s portable PC that you need to know.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us