Hackers Are Blasting Facebook Users With Phishing Emails

Facebook has nearly 3 billion active global users, which makes it a big target for cyber criminals. Attackers are impersonating Facebook and sending a wave of fake messages telling users that their account will soon be taken down because of content that has been reported as infringing the rights of another user. The phishing campaign aims to steal user passwords and other personal information.

This information comes from researchers at Abnormal Security, who have released details of a large-scale phishing campaign targeting Facebook users.

As part of this fake appeals process, the Facebook user is told they must provide sensitive information, including their name and email address. When the recipient tries to submit the form, a pop-up appears asking them to enter their Facebook password. If they enter their password and click Continue, the attacker then has all of the information they need to access the target’s Facebook account. 

All of the information the target puts into the phishing page is harvested by the attacker, who can then use it to log in to the victim’s Facebook page and potentially log them out of it. If the password is used on any other sites, the attackers can leverage the credentials to break into those accounts as well.

Phishing attacks like this are successful because they create a sense of urgency. What makes this attack particularly effective is that the threat actors are leveraging Facebook’s actual infrastructure to execute it. Rather than sending the target straight to the phishing site via a link in the email, the attackers first redirect them to a real post on Facebook. However, while the phishing email and phishing domain might have looked legitimate at first glance, there were clues that would have suggested that something was suspicious.

For example, while the email contained Facebook branding and claimed to be from Facebook itself, the sender email address was not related to Facebook at all. In addition to this, attempting to reply to the sender email directs messages to an unrelated Gmail address. 
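The two header clues described above can be checked mechanically at a mail gateway or in a triage script. The following is an added example, not code from Abnormal Security or Facebook; the allowlist of genuine sender domains, the freemail list, the finding names and all sample addresses are assumptions made for the illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains accepted as genuine senders for the impersonated brand.
BRAND_DOMAINS = {"facebook.com", "facebookmail.com"}
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # illustrative, not exhaustive

def domain_of(addr):
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def is_brand_domain(domain):
    # Suffix match on a label boundary, so facebook.com.example.net fails.
    return any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)

def check_headers(raw):
    """Return the list of header findings for one raw message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom, reply_dom = domain_of(from_addr), domain_of(reply_addr)
    claims_brand = "facebook" in (name + " " + msg.get("Subject", "")).lower()
    findings = []
    if claims_brand and not is_brand_domain(from_dom):
        findings.append("brand-claimed-by-unrelated-sender")
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-differs-from-sender")
    if claims_brand and reply_dom in FREEMAIL:
        findings.append("brand-reply-to-freemail")
    return findings

def build(frm, subject, reply_to=None):
    """Assemble a constructed sample message (headers plus a one-line body)."""
    lines = ["From: " + frm, "Subject: " + subject]
    if reply_to:
        lines.append("Reply-To: " + reply_to)
    return "\n".join(lines) + "\n\nbody\n"

# Constructed samples; every address below is made up for the example.
PHISH = build('"Facebook" <notice@mail.example.net>',
              "Your page will be disabled", "reply-placeholder@gmail.com")
LOOKALIKE = build('"Facebook Support" <appeal@facebook.com.example.net>', "Appeal")
GENUINE = build('"Facebook" <security@facebookmail.com>', "Login alert")

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("lookalike", LOOKALIKE), ("genuine", GENUINE)):
        print(label, check_headers(raw))
```

Header checks like these only cover the email itself; because the campaign routes victims through a real Facebook post first, link reputation on the first hop would not flag it.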

If you suspect your Facebook account has been hacked, go to the Settings section on the Facebook site, then click on the Security and Login tab. This will tell you all the devices and locations that you’ve accessed your account from.

If there are any login attempts that you don’t recognise, there’s a good chance you’ve been hacked. To flag these up as suspicious, click on the ‘Not You’ tab to the right of the information.
