Hackers Are Blasting Facebook Users With Phishing Emails

Facebook has nearly 3 billion active global users, which makes it a big target for cyber criminals. They are impersonating Facebook and sending a wave of fake messages telling users that their account will soon be taken down due to content that has been reported as infringing the rights of another user. The phishing campaign aims to steal user passwords and other personal information.

This information comes from researchers at Abnormal Security, who have released details of a large-scale phishing campaign targeting Facebook users.

As part of this fake appeals process, the Facebook user is told they must provide sensitive information, including their name and email address. When the recipient tries to submit the form, a pop-up appears asking them to enter their Facebook password. If they enter their password and click Continue, the attacker then has all of the information they need to access the target’s Facebook account. 

All of the information the target puts into the phishing page is harvested by the attacker, who can then use it to log in to the victim’s Facebook page and potentially log them out of it. If the password is used on any other sites, the attackers can leverage the credentials and break into other accounts.

Phishing attacks like this are successful because they create a sense of urgency. What makes this attack particularly effective is that the threat actors are leveraging Facebook’s actual infrastructure to execute it. Rather than sending the target straight to the phishing site via a link in the email, the attackers first redirect them to a real post on Facebook. However, while the phishing email and phishing domain might have looked legitimate at first glance, there were clues that would have suggested that something was suspicious.

For example, while the email contained Facebook branding and claimed to be from Facebook itself, the sender email address was not related to Facebook at all. In addition to this, attempting to reply to the sender email directs messages to an unrelated Gmail address. 
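The two header clues described above can be checked automatically at a mail gateway or in a triage script. The following is an added example, not code from the article or from Abnormal Security; the trusted-domain list is an assumption to adapt, and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

BRAND = "facebook"
# Assumption: domains accepted as genuine Facebook senders; replace with your own allowlist.
TRUSTED_DOMAINS = {"facebook.com", "facebookmail.com", "meta.com"}

def _domain(addr):
    """Return the lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def _trusted(domain):
    """Exact match or true subdomain only, so 'facebook.com.example.net' fails."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def check_headers(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom, reply_dom = _domain(from_addr), _domain(reply_addr)
    findings = []
    # Clue 1: display name claims the brand, but the sender domain is unrelated.
    if BRAND in name.lower() and not _trusted(from_dom):
        findings.append("brand-display-name-untrusted-sender")
    # Clue 2: replies are routed to a different, untrusted domain.
    if reply_addr and reply_dom != from_dom and not _trusted(reply_dom):
        findings.append("reply-to-domain-mismatch")
    return findings

# Constructed sample messages (not taken from the real campaign).
SUSPICIOUS = (
    "From: Facebook Support <notice@billing-alerts.example.net>\n"
    "Reply-To: appeals.team.example@gmail.com\n"
    "Subject: Your account will be disabled\n\nbody\n"
)
LEGITIMATE = (
    "From: Facebook <security@facebookmail.com>\n"
    "Subject: New login\n\nbody\n"
)
LOOKALIKE = (
    "From: Facebook <alerts@facebook.com.example.net>\n"
    "Subject: Policy notice\n\nbody\n"
)

if __name__ == "__main__":
    for label, raw in [("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE),
                       ("lookalike", LOOKALIKE)]:
        print(label, check_headers(raw))
```
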

If you suspect your Facebook account has been hacked, go to the Settings section on the Facebook site, then click on the Security and Login tab. This will tell you all the devices and locations that you’ve accessed your account from.

If there are any login attempts that you don’t recognise, there’s a good chance you’ve been hacked. To flag these up as suspicious, click on the ‘Not You’ tab to the right of the information.

Facebook: Abnormal: MetaCompliance: ZDNet: Oodaloop: IT Governance: DataProt:
