Facebook Phishing Emails Are Targeting Businesses

An increasing number of scams on Facebook are targeting business accounts and it is clear that fraudsters are more and more inventive in finding ways to trick people into giving away their money or sensitive personal information.  

In one exploit, criminals pretending to be Facebook administrators send messages to businesses claiming that their accounts will be deleted soon because they violate Facebook's terms and conditions. They accuse businesses of infringing copyright and trademark rights and posting inappropriate content.

After taking over someone's Facebook account, the fraudster changes the display name on the account to '24 Hours Left To Request Review. See Why' and changes their profile picture to an orange icon with an exclamation mark. They then publish posts from the hacked Facebook page, tagging business accounts. This then triggers the business to receive an email from Facebook saying their account has been blocked. These dodgy emails include a link to 'dispute the decision to block your account'. 

If you click through, you will be asked for your page name, first and last name, phone number, date of birth and the email address or phone number linked to your Facebook account and your password.

Leading cyber security firm, Kaspersky, has focused on examples of scammers hijacking Facebook profiles and sending phishing emails to business accounts on the social media platform and have recommendation for preventive security measures. 

How Scammers Hack Your Accounts

Fraudsters can access your online accounts in a variety of ways. If you find that one of your accounts has been hacked, you may be wondering how they gained access. Here are some of the main ways a hacker can gain access:

  • A data breach: This is when hackers gain access to a system that holds confidential data on people. Fraudsters can then use this data to gain access to accounts.
  • Responding to a phishing message: Scam messages that impersonate legitimate companies and contain links leading to malicious websites can be used to harvest personal details. Links can download malware to your device that steals your personal data, or cons you into entering your information on a website.
  • On-platform chain hacking: A fraudster posts links to dodgy websites in the comment section of social media posts, which then asks the victim to enter their social media account details, thereby giving the fraudster access to these details. The fraudster may also message the victim.
  • Impersonation: Impersonating one of their contacts to try and get them to share their two-factor authentication code. 
  • Credential stuffing: This is when hackers use one password they’ve successfully used to access other accounts from the same person.
  • Shoulder surfing: This is when a scammer looks over your shoulder and watches you log in to an account.
  • Malicious apps: Dodgy apps created by fraudsters that install malware on your device, which is then used to steal login information for your accounts.

Security Measures

Expert recommendation for preventive security measures on protecting yourself from hacking include:- 

  •  Use a unique password for each account: Don't use the same password across different accounts.
  • Use a reputable password manager: This will look after your passwords securely, so you don’t have to memorise them.
  • Create secure passwords: Read our guide to understand how to make better passwords.
  • Download antivirus software: On all of your devices.
  • Update your devices: Updates include protection from viruses.
  • Set up two-factor authentication (2FA) or two-step verification (2SV):  This is when you provide a separate form of identification – such as a code being sent via text – when you log into an account.

Recovering Hacked Accounts

If your account has been hacked, beware of recovery scammers contacting you on social media telling you that they can get your account back. They can’t, and this is just another scam. 

  • Go to the help page of the account provider and find out who to contact to get assistance with a hacked account.
  • Ensure you change your password and log out of your account on all devices.
  • Check to see if any new ‘rules’ have been set up on your email account that you haven’t created. These can control where emails about your account are forwarded to.
  • Tell your contacts know that you’ve been hacked and that any messages they receive are not from you.
  • Make sure you change passwords on other accounts in case fraudsters have also hacked into them, and check your bank statement for unauthorised transactions.

Make sure to report the incident to your local police or relevant law enforcement. In Britain, if you notice any unusual behaviour on your UK bank account, call your bank immediately using the number on the back of your bank card and report it to Action Fraud. 

Kaspersky   |     NCSC   |    Which   |   Which   |     NWCRC   |    LocalSearch   |   Indepnedent Garage Assoc 

Image: Ideogram

You Might Also Read: 

DMARC Email Validation: Cracking Down On Fraud:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Five Reasons Your Organization Needs API Security Testing
US Blocks Leading Cybersecurity Firm Kaspersky »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cyber Security Associates (CSA)

Cyber Security Associates (CSA)

Cyber Security Associates provides cyber consultancy and cyber managed services which help to detect, protect and educate against the ever-changing cyber threat.

ReadWrite

ReadWrite

ReadWrite is a leading media platform dedicated to IoT and the Connected World.

Avast Software

Avast Software

Avast Software is a security software company that develops antivirus software and internet security services.

Inter-American Cooperation Portal on Cyber-Crime

Inter-American Cooperation Portal on Cyber-Crime

The Inter-American Cooperation Portal on Cyber-Crime was created to facilitate and streamline cooperation and information exchange among government experts from OAS member states.

Sequretek

Sequretek

Sequretek was formed with the aim to “Simplify Security”. We envision a future where enterprise networks are streamlined, secure and simple.

Qmulos

Qmulos

Qmulos’ real-time continuous monitoring risk management suite, Q-Compliance, provides a massively flexible and scalable solution to optimizing operational security.

SoloKeys

SoloKeys

SoloKeys provides the first open-source FIDO2 security key: Protect your online accounts against unauthorized access by using the most secure login method.

Glocomp Systems

Glocomp Systems

Glocomp Systems is one of Malaysia’s premier ICT infrastructure distributor offering a comprehensive portfolio of solutions including cybersecurity and privacy.

Vizius Group

Vizius Group

The Vizius Group are a think tank of cybersecurity consultants who understand the mechanics and business value of risk reduction.

Aura

Aura

Aura is a mission driven technology company dedicated to creating a safer internet for everyone. We’re making comprehensive digital security that's simple to understand and easy to use.

NASK SA

NASK SA

NASK SA is an integrator of telecommunications services. We provide advanced ICT security services, collocation and hosting, data centre services, and build corporate networks.

JanBask Training

JanBask Training

JanBask Training is a dynamic, highly professional, global online training provider committed to propelling the next generation of technology learners with a whole new way of training experience.

CYBRI

CYBRI

CYBRI is a cybersecurity company helping businesses detect and remediate mission-critical vulnerabilities before they get exploited by hackers.

Bureau

Bureau

Bureau is a no-code, identity decisioning platform that offers businesses the complete range of risk, compliance and ongoing fraud monitoring solutions innovated with AI.

Rankiteo

Rankiteo

At Rankiteo, we are pioneers in cybersecurity risk management. Our mission is to empower organizations with the tools they need to assess, enhance, and safeguard their digital landscapes.

Aeris

Aeris

Aeris IoT Watchtower is the world’s first fully integrated cyber security solution for cellular IoT devices.