Hackers try to steal Facebook accounts via an ongoing phishing campaign

May 2, 2022

Facebook users and page admins are being warned of an ongoing phishing attack in which threat actors attempt to steal their account passwords. In the campaign, the attack operators send victims a phishing email that impersonates the Facebook team and informs the user that their account or page has been disabled for violating some terms of service.

To appeal the report, the email's recipient must click on an attached link, which redirects them to a particular Facebook post containing another link that must also be clicked to proceed with the appeal. Once on the malicious site, the user is instructed to enter sensitive details such as their full name, email address, and Facebook password.

 

The collected information is delivered to the hackers' servers, allowing them to access the victims' Facebook accounts and exploit them for malicious activity.

 

Some victims use their Facebook email addresses and passwords for other platforms. The threat actors can leverage this credential reuse to access those platforms and perform cybercrime.

According to security experts, most phishing attacks tend to be successful because they pressure victims with a sense of urgency into following the instructions in the malicious email. A pressured victim could easily give away their sensitive details, unaware that a hacker is fooling them.

In the campaign, the domains used by the attackers would seem legitimate to those who are not looking closely. However, there will always be clear indications if a site is dangerous.

For instance, the fake email sent by the hackers would have signs that it is not real, especially in the characters used in the malicious address. If the victim tries to reply to the email, the reply is directed to an unrelated Gmail address, which the real Facebook would not use to communicate with its users.
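The header signs described above (a sender address that is not Facebook's and a reply address at an unrelated webmail provider) can be checked automatically. The following is an added example, not code from the original article; the trusted-domain list, the webmail list, and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains treated as genuine Facebook senders; adjust to local policy.
TRUSTED_DOMAINS = {"facebook.com", "facebookmail.com"}
# Assumption: free webmail providers a platform's support team would not reply from.
FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}

# Constructed sample messages (not taken from the campaign).
SAMPLE_PHISH = """\
From: Facebook Team <notice@facebook-appeals.example>
Reply-To: appeal.desk@gmail.com
Subject: Your page has been disabled

Your page violated our terms of service. Appeal within 24 hours.
"""
SAMPLE_GENUINE = """\
From: Facebook <security@facebookmail.com>
Subject: Login alert

A new login was detected.
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def is_trusted(domain):
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def phishing_signs(raw_email):
    """List the header warning signs found in one raw message."""
    msg = message_from_string(raw_email)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    claims_facebook = "facebook" in display.lower() or "facebook" in from_dom
    signs = []
    if claims_facebook and not is_trusted(from_dom):
        signs.append("sender-domain-not-facebook")
    # A spoofed From line can look genuine, so Reply-To is checked independently.
    if claims_facebook and reply_dom and reply_dom != from_dom and not is_trusted(reply_dom):
        signs.append("reply-to-mismatch")
        if reply_dom in FREE_WEBMAIL:
            signs.append("reply-to-free-webmail")
    return signs
```

An empty result only means these two header checks passed; it does not establish that a message is genuine.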

An effective way for users to check whether the message in the email is real is to log in to their Facebook accounts and verify through their notifications tab whether they have violated any Facebook terms of service.

For those who have already been victimised by the phishing campaign, Facebook advised them to send a report and immediately change their passwords. Users can also log out of all unfamiliar devices that their account is logged in to through the Facebook app's security settings.

Turning on multi-factor authentication is also effective in securing a Facebook account.
