Hackers Are Blasting Facebook Users With Phishing Emails

Facebook has nearly 3 billion active global users, which makes it a big target for cyber criminals. Attackers are impersonating Facebook and sending a wave of fake messages telling users that their account will soon be taken down due to content that has been reported as infringing the rights of another user. The phishing campaign aims to steal user passwords and other personal information.

This information comes from researchers at Abnormal Security, who have released details of a large-scale phishing campaign targeting Facebook users.

As part of this fake appeals process, the Facebook user is told they must provide sensitive information, including their name and email address. When the recipient tries to submit the form, a pop-up appears asking them to enter their Facebook password. If they enter their password and click Continue, the attacker then has all of the information they need to access the target’s Facebook account. 

All of the information the target puts into the phishing page is harvested by the attacker, who can then use it to log in to the victim’s Facebook page and potentially log them out of it. If the password is used on any other sites, the attackers can leverage the credentials and break into other accounts.

Phishing attacks like this are successful because they create a sense of urgency. What makes this attack particularly effective is that the threat actors are leveraging Facebook’s actual infrastructure to execute it. Rather than sending the target straight to the phishing site via a link in the email, the attackers first redirect them to a real post on Facebook. However, while the phishing email and phishing domain might have looked legitimate at first glance, there were clues that would have suggested that something suspicious

For example, while the email contained Facebook branding and claimed to be from Facebook itself, the sender email address was not related to Facebook at all. In addition to this, attempting to reply to the sender email directs messages to an unrelated Gmail address. 
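The two header clues described above can be checked mechanically. The following Python sketch is an added example, not code from Abnormal Security or from the article; the list of domains treated as legitimate Facebook senders and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains accepted as genuine senders for the brand; tune per environment.
BRAND_DOMAINS = {"facebook": {"facebook.com", "facebookmail.com", "meta.com"}}
FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}


def _domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def _is_under(domain, allowed):
    """True if domain equals, or is a subdomain of, any allowed domain."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def header_findings(raw_message):
    """Return findings for the two header clues: brand mismatch and Reply-To."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = _domain(msg.get("From"))
    reply_dom = _domain(msg.get("Reply-To"))
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        # Display name claims the brand, but the sending domain is unrelated.
        if brand in display.lower() and not _is_under(from_dom, allowed):
            findings.append(f"brand-mismatch: claims {brand}, sent from {from_dom or 'unknown'}")
    # Replies are routed somewhere other than the apparent sender.
    if reply_dom and reply_dom != from_dom:
        kind = "free-webmail" if reply_dom in FREE_WEBMAIL else "different-domain"
        findings.append(f"reply-to-{kind}: replies go to {reply_dom}")
    return findings


# Constructed sample messages (not taken from the campaign).
SUSPICIOUS = (
    "From: Facebook Support <notice@mailer.example.net>\n"
    "Reply-To: appeals.team@gmail.com\n"
    "Subject: Your account will be disabled\n\nbody\n"
)
LEGIT = "From: Facebook <notification@facebookmail.com>\nSubject: New login\n\nbody\n"

if __name__ == "__main__":
    print(header_findings(SUSPICIOUS), header_findings(LEGIT))
```

Because the link in this campaign first lands on a real Facebook post, a clean URL check on the message body does not clear it; the header findings are the more reliable signal here.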

If you suspect your Facebook account has been hacked, go to the Settings section on the Facebook site, then click on the Security and Login tab. This will tell you all the devices and locations that you’ve accessed your account from.

If there are any login attempts that you don’t recognise, there’s a good chance you’ve been hacked. To flag these up as suspicious, click on the ‘Not You’ tab to the right of the information.
