Facebook Phishing Emails Are Targeting Businesses

Uploaded on 2024-06-24 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY-Key Areas-Artificial Intelligence, TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

An increasing number of scams on Facebook are targeting business accounts and it is clear that fraudsters are more and more inventive in finding ways to trick people into giving away their money or sensitive personal information.  

In one exploit, criminals pretending to be Facebook administrators send messages to businesses claiming that their accounts will be deleted soon because they violate Facebook's terms and conditions. They accuse businesses of infringing copyright and trademark rights and posting inappropriate content.

After taking over someone's Facebook account, the fraudster changes the display name on the account to '24 Hours Left To Request Review. See Why' and changes their profile picture to an orange icon with an exclamation mark. They then publish posts from the hacked Facebook page, tagging business accounts. This then triggers the business to receive an email from Facebook saying their account has been blocked. These dodgy emails include a link to 'dispute the decision to block your account'. 

If you click through, you will be asked for your page name, first and last name, phone number, date of birth and the email address or phone number linked to your Facebook account and your password.

Leading cyber security firm, Kaspersky, has focused on examples of scammers hijacking Facebook profiles and sending phishing emails to business accounts on the social media platform and have recommendation for preventive security measures. 

How Scammers Hack Your Accounts

Fraudsters can access your online accounts in a variety of ways. If you find that one of your accounts has been hacked, you may be wondering how they gained access. Here are some of the main ways a hacker can gain access:

  • A data breach: This is when hackers gain access to a system that holds confidential data on people. Fraudsters can then use this data to gain access to accounts.
  • Responding to a phishing message: Scam messages that impersonate legitimate companies and contain links leading to malicious websites can be used to harvest personal details. Links can download malware to your device that steals your personal data, or cons you into entering your information on a website.
  • On-platform chain hacking: A fraudster posts links to dodgy websites in the comment section of social media posts, which then asks the victim to enter their social media account details, thereby giving the fraudster access to these details. The fraudster may also message the victim.
  • Impersonation: Impersonating one of their contacts to try and get them to share their two-factor authentication code. 
  • Credential stuffing: This is when hackers use one password they’ve successfully used to access other accounts from the same person.
  • Shoulder surfing: This is when a scammer looks over your shoulder and watches you log in to an account.
  • Malicious apps: Dodgy apps created by fraudsters that install malware on your device, which is then used to steal login information for your accounts.

Security Measures

Expert recommendation for preventive security measures on protecting yourself from hacking include:- 

  •  Use a unique password for each account: Don't use the same password across different accounts.
  • Use a reputable password manager: This will look after your passwords securely, so you don’t have to memorise them.
  • Create secure passwords: Read our guide to understand how to make better passwords.
  • Download antivirus software: On all of your devices.
  • Update your devices: Updates include protection from viruses.
  • Set up two-factor authentication (2FA) or two-step verification (2SV):  This is when you provide a separate form of identification – such as a code being sent via text – when you log into an account.

Recovering Hacked Accounts

If your account has been hacked, beware of recovery scammers contacting you on social media telling you that they can get your account back. They can’t, and this is just another scam. 

  • Go to the help page of the account provider and find out who to contact to get assistance with a hacked account.
  • Ensure you change your password and log out of your account on all devices.
  • Check to see if any new ‘rules’ have been set up on your email account that you haven’t created. These can control where emails about your account are forwarded to.
  • Tell your contacts know that you’ve been hacked and that any messages they receive are not from you.
  • Make sure you change passwords on other accounts in case fraudsters have also hacked into them, and check your bank statement for unauthorised transactions.

Make sure to report the incident to your local police or relevant law enforcement. In Britain, if you notice any unusual behaviour on your UK bank account, call your bank immediately using the number on the back of your bank card and report it to Action Fraud. 

Kaspersky   |     NCSC   |    Which   |   Which   |     NWCRC   |    LocalSearch   |   Indepnedent Garage Assoc 

Image: Ideogram

You Might Also Read: 

DMARC Email Validation: Cracking Down On Fraud:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Five Reasons Your Organization Needs API Security Testing
US Blocks Leading Cybersecurity Firm Kaspersky »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ProfitBricks

ProfitBricks

ProfitBricks is a secure cloud computing infrastructure-as-a-service (IaaS) solution.

Kualitatem

Kualitatem

Kualitatem Inc. is an independent software testing and information systems auditing company

Micro Strategies Inc.

Micro Strategies Inc.

Micro Strategies provides IT solutions that help businesses tackle digital transformation in style.

OXO Cybersecurity Lab

OXO Cybersecurity Lab

OXO Cybersecurity Lab is the first dedicated cybersecurity incubator in the Central & Eastern Europe region.

ProWriters

ProWriters

As a leading cyber insurance company, ProWriters offers flexible Cyber Liability Insurance coverage designed to cover privacy, data, and network exposures.

Diaplous Group

Diaplous Group

Diaplous Group is a leading Maritime Risk Management (MRM) provider, delivering specialized services to an ever-broadening portfolio of shipping, oil & gas, energy and construction industries.

Alertot

Alertot

Hackers attack minutes after a new vulnerability is published. Alertot helps to decrease exposure time in organizations by notifying new issues when they are disclosed.

Avancer Corporation

Avancer Corporation

Avancer Corporation is a multi-system integrator focusing on Identity and Access Management (IAM) Technology. Founded in 2004.

Stratus Technologies

Stratus Technologies

Edge Computing solves the inherent challenges of bandwidth, latency, and security at edge locations to enable IIoT devices and data acquisition.

Psybersafe

Psybersafe

Psybersafe is a hands-on, behaviour-changing training system that keeps your people and your business cyber safe.

SecurityGen

SecurityGen

SecurityGen is a global cybersecurity start-up focused on telecom security, with a focus on 5G networks.

Training.com.au

Training.com.au

Training.com.au is a comparison website through which those looking to learn about different aspects of cyber security can compare learning courses from training providers from across Australia.

RSK Cyber Security

RSK Cyber Security

RSK Cyber Security are a leading cyber security services company that uses services, consulting, and product knowledge to lower security risk across the board.

HWG

HWG

HWG is a company specialized in providing cyber security solutions and consulting services.

Bleach Cyber

Bleach Cyber

Bleach Cyber helps small businesses with an affordable and user-friendly solution for managing cloud security.

GovSky

GovSky

GovSky streamlines CMMC compliance, saving time and significantly reducing cost.