Facebook Phishing Emails Are Targeting Businesses

An increasing number of scams on Facebook are targeting business accounts and it is clear that fraudsters are more and more inventive in finding ways to trick people into giving away their money or sensitive personal information.  

In one exploit, criminals pretending to be Facebook administrators send messages to businesses claiming that their accounts will be deleted soon because they violate Facebook's terms and conditions. They accuse businesses of infringing copyright and trademark rights and posting inappropriate content.

After taking over someone's Facebook account, the fraudster changes the display name on the account to '24 Hours Left To Request Review. See Why' and changes their profile picture to an orange icon with an exclamation mark. They then publish posts from the hacked Facebook page, tagging business accounts. This then triggers the business to receive an email from Facebook saying their account has been blocked. These dodgy emails include a link to 'dispute the decision to block your account'. 

If you click through, you will be asked for your page name, first and last name, phone number, date of birth and the email address or phone number linked to your Facebook account and your password.

Leading cyber security firm, Kaspersky, has focused on examples of scammers hijacking Facebook profiles and sending phishing emails to business accounts on the social media platform and have recommendation for preventive security measures. 

How Scammers Hack Your Accounts

Fraudsters can access your online accounts in a variety of ways. If you find that one of your accounts has been hacked, you may be wondering how they gained access. Here are some of the main ways a hacker can gain access:

  • A data breach: This is when hackers gain access to a system that holds confidential data on people. Fraudsters can then use this data to gain access to accounts.
  • Responding to a phishing message: Scam messages that impersonate legitimate companies and contain links leading to malicious websites can be used to harvest personal details. Links can download malware to your device that steals your personal data, or cons you into entering your information on a website.
  • On-platform chain hacking: A fraudster posts links to dodgy websites in the comment section of social media posts, which then asks the victim to enter their social media account details, thereby giving the fraudster access to these details. The fraudster may also message the victim.
  • Impersonation: Impersonating one of their contacts to try and get them to share their two-factor authentication code. 
  • Credential stuffing: This is when hackers use one password they’ve successfully used to access other accounts from the same person.
  • Shoulder surfing: This is when a scammer looks over your shoulder and watches you log in to an account.
  • Malicious apps: Dodgy apps created by fraudsters that install malware on your device, which is then used to steal login information for your accounts.

Security Measures

Expert recommendation for preventive security measures on protecting yourself from hacking include:- 

  •  Use a unique password for each account: Don't use the same password across different accounts.
  • Use a reputable password manager: This will look after your passwords securely, so you don’t have to memorise them.
  • Create secure passwords: Read our guide to understand how to make better passwords.
  • Download antivirus software: On all of your devices.
  • Update your devices: Updates include protection from viruses.
  • Set up two-factor authentication (2FA) or two-step verification (2SV):  This is when you provide a separate form of identification – such as a code being sent via text – when you log into an account.

Recovering Hacked Accounts

If your account has been hacked, beware of recovery scammers contacting you on social media telling you that they can get your account back. They can’t, and this is just another scam. 

  • Go to the help page of the account provider and find out who to contact to get assistance with a hacked account.
  • Ensure you change your password and log out of your account on all devices.
  • Check to see if any new ‘rules’ have been set up on your email account that you haven’t created. These can control where emails about your account are forwarded to.
  • Tell your contacts know that you’ve been hacked and that any messages they receive are not from you.
  • Make sure you change passwords on other accounts in case fraudsters have also hacked into them, and check your bank statement for unauthorised transactions.

Make sure to report the incident to your local police or relevant law enforcement. In Britain, if you notice any unusual behaviour on your UK bank account, call your bank immediately using the number on the back of your bank card and report it to Action Fraud. 

Kaspersky   |     NCSC   |    Which   |   Which   |     NWCRC   |    LocalSearch   |   Indepnedent Garage Assoc 

Image: Ideogram

You Might Also Read: 

DMARC Email Validation: Cracking Down On Fraud:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Five Reasons Your Organization Needs API Security Testing
US Blocks Leading Cybersecurity Firm Kaspersky »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Cyber Security Academy - University of Southampton

Cyber Security Academy - University of Southampton

An industry/University partnership established to advance cyber security through world class research, teaching excellence, industrial expertise and training capacity.

X-act Forensics

X-act Forensics

X-act forensics are computer forensic experts with experience in cases of computer fraud, intellectual property theft, and social networking cases.

Verint Systems

Verint Systems

Verint is a leader in Actionable Intelligence with a focus on customer engagement optimisation, security intelligence, fraud, risk and compliance.

KIOS Center of Excellence (KIOS CoE)

KIOS Center of Excellence (KIOS CoE)

KIOS carries out top level research in the area of Information and Communication Technologies (ICT) with emphasis on the Monitoring, Control and Security of Critical Infrastructures.

Aptiv

Aptiv

Aptiv is a global technology company that develops safer, greener and more connected solutions enabling the future of mobility.

HOBI International

HOBI International

HOBI International is a leading mobile, IT and data center asset management provider with solutions for device management, reverse logistics, data erasure, refurbishment and recycling.

DigiByte (DGB)

DigiByte (DGB)

DigiByte (DGB) is a rapidly growing global blockchain with a focus on cybersecurity for digital payments & decentralized applications.

Digital Identification & Authentication Council of Canada (DIACC)

Digital Identification & Authentication Council of Canada (DIACC)

DIACC is a non-profit coalition of public and private sector leaders committed to developing a Canadian framework for digital identification and authentication.

Strata Identity

Strata Identity

Strata is pioneering identity orchestration to unify on-premises and cloud-based authentication and access systems for consistent identity management in multi-cloud environments.

PhishFirewall

PhishFirewall

PhishFirewall is an advanced AI-driven CyberSecurity Awareness Education, Threat Emulation, and Human Security Analytics Platform.

Kennedys

Kennedys

Kennedys is a global law firm with expertise in litigation/dispute resolution and advisory services, particularly in the insurance/reinsurance and liability sectors, including cyber risk.

Winmill Software

Winmill Software

Winmill is a technology services company that provides expert consulting services in Application Development, Application Security and Cyber Security.

Avrem Technologies

Avrem Technologies

Avrem Technologies is a business IT and cybersecurity consulting firm. We design, implement, manage and monitor the networks, servers, computers and software that our clients rely on each day.

Amazon Web Services (AWS)

Amazon Web Services (AWS)

Amazon Web Services is the world’s most comprehensive and broadly adopted cloud platform, offering fully featured services from data centers globally.

SNC-Lavalin

SNC-Lavalin

SNC-Lavalin is a fully integrated professional services and project management company with offices around the world.

Scope AI

Scope AI

Scope AI is an innovative technology company specializing in quantum security and machine learning.