Phishing operators aim at Facebook page owners, with recent reports revealing that the phishers are sending fake notices from the social media giant to entice them to expose sensitive information.
In this report, the attackers are creating a lead generation form through the Meta Ads Manager. They include the link in their phishing email to harvest the information from their targeted pages.
The legitimacy of the links makes the phishing email convincing to email security solutions. It gives the targets a false sense of security since the email came from Facebook and contains URLs redirecting to Facebook.
The phishing operators have cleverly designed a convincing email.
Researchers have spotted two sophisticated phishing emails with links to a lead generation form on Facebook.
The first strategy of the phishing operators is to send a fake notification stating that one of the owner’s ads was reported by someone because it does not follow the platform’s ad policies. Moreover, the threat will continue by saying that the social media platform will deactivate the owner’s account if they do not file an appeal.
Another notification is that the users’ page has been reported for violating Facebook’s Terms of Use and threatening that Facebook will delete their page if they do not fill out an appeal form within a day.
Experts stated that phishing attempts have many lapses. The first one is that it is evident that the emails are not from Meta or the Media Operations Team Facebook since they came from an Outlook Domain. Moreover, the emails contain the term “Dear User” instead of using the specific name of the page owner.
Additionally, phishing emails have used threats such as account disabling, which is uncommon for Facebook warnings. Unfortunately, phishing links are persuasive for many incompetent users, which is why phishing emails are still thriving.
Experts suggest that if a user encounters these fake appeal forms, it is wise not to reveal any information if unnecessary details such as login credentials and credit card information are included in the files. Facebook ad accounts might be essential to profitable pages, but keeping information safe should be the top priority for all users.