Facebook Phishing Emails Are Targeting Businesses

Uploaded on 2024-06-24 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY-Key Areas-Artificial Intelligence, TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

An increasing number of scams on Facebook are targeting business accounts and it is clear that fraudsters are more and more inventive in finding ways to trick people into giving away their money or sensitive personal information.  

In one exploit, criminals pretending to be Facebook administrators send messages to businesses claiming that their accounts will be deleted soon because they violate Facebook's terms and conditions. They accuse businesses of infringing copyright and trademark rights and posting inappropriate content.

After taking over someone's Facebook account, the fraudster changes the display name on the account to '24 Hours Left To Request Review. See Why' and changes their profile picture to an orange icon with an exclamation mark. They then publish posts from the hacked Facebook page, tagging business accounts. This then triggers the business to receive an email from Facebook saying their account has been blocked. These dodgy emails include a link to 'dispute the decision to block your account'. 

If you click through, you will be asked for your page name, first and last name, phone number, date of birth and the email address or phone number linked to your Facebook account and your password.

Leading cyber security firm, Kaspersky, has focused on examples of scammers hijacking Facebook profiles and sending phishing emails to business accounts on the social media platform and have recommendation for preventive security measures. 

How Scammers Hack Your Accounts

Fraudsters can access your online accounts in a variety of ways. If you find that one of your accounts has been hacked, you may be wondering how they gained access. Here are some of the main ways a hacker can gain access:

  • A data breach: This is when hackers gain access to a system that holds confidential data on people. Fraudsters can then use this data to gain access to accounts.
  • Responding to a phishing message: Scam messages that impersonate legitimate companies and contain links leading to malicious websites can be used to harvest personal details. Links can download malware to your device that steals your personal data, or cons you into entering your information on a website.
  • On-platform chain hacking: A fraudster posts links to dodgy websites in the comment section of social media posts, which then asks the victim to enter their social media account details, thereby giving the fraudster access to these details. The fraudster may also message the victim.
  • Impersonation: Impersonating one of their contacts to try and get them to share their two-factor authentication code. 
  • Credential stuffing: This is when hackers use one password they’ve successfully used to access other accounts from the same person.
  • Shoulder surfing: This is when a scammer looks over your shoulder and watches you log in to an account.
  • Malicious apps: Dodgy apps created by fraudsters that install malware on your device, which is then used to steal login information for your accounts.

Security Measures

Expert recommendation for preventive security measures on protecting yourself from hacking include:- 

  •  Use a unique password for each account: Don't use the same password across different accounts.
  • Use a reputable password manager: This will look after your passwords securely, so you don’t have to memorise them.
  • Create secure passwords: Read our guide to understand how to make better passwords.
  • Download antivirus software: On all of your devices.
  • Update your devices: Updates include protection from viruses.
  • Set up two-factor authentication (2FA) or two-step verification (2SV):  This is when you provide a separate form of identification – such as a code being sent via text – when you log into an account.

Recovering Hacked Accounts

If your account has been hacked, beware of recovery scammers contacting you on social media telling you that they can get your account back. They can’t, and this is just another scam. 

  • Go to the help page of the account provider and find out who to contact to get assistance with a hacked account.
  • Ensure you change your password and log out of your account on all devices.
  • Check to see if any new ‘rules’ have been set up on your email account that you haven’t created. These can control where emails about your account are forwarded to.
  • Tell your contacts know that you’ve been hacked and that any messages they receive are not from you.
  • Make sure you change passwords on other accounts in case fraudsters have also hacked into them, and check your bank statement for unauthorised transactions.

Make sure to report the incident to your local police or relevant law enforcement. In Britain, if you notice any unusual behaviour on your UK bank account, call your bank immediately using the number on the back of your bank card and report it to Action Fraud. 

Kaspersky   |     NCSC   |    Which   |   Which   |     NWCRC   |    LocalSearch   |   Indepnedent Garage Assoc 

Image: Ideogram

You Might Also Read: 

DMARC Email Validation: Cracking Down On Fraud:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Five Reasons Your Organization Needs API Security Testing
US Blocks Leading Cybersecurity Firm Kaspersky »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

National Agency for the Security of Information Systems (ANSSI) - France

National Agency for the Security of Information Systems (ANSSI) - France

The role of Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) is to foster a coordinated, ambitious, pro-active response to cybersecurity issues in France.

My Data Recovery Lab

My Data Recovery Lab

We recover data from: HDDs, RAIDs, NAS, SSDs, USB Flash Devices, Desktop Computers, Mobile devices and other data storage media.

INCIBE-CERT

INCIBE-CERT

INCIBE-CERT is the reference security incident response center for citizens and private law entities in Spain

Nexusguard

Nexusguard

Nexusguard is at the forefront of the fight against malicious Internet attacks, protecting organizations worldwide from threats to their websites, services, and reputations.

National Center for Manufacturing Sciences (NCMS) - USA

National Center for Manufacturing Sciences (NCMS) - USA

NCMS is a cross-industry technology development consortium, dedicated to improving the competitiveness of the US industrial base. Strategic initiatives include industrial cyber security.

Database Cyber Security Guard

Database Cyber Security Guard

Database Cyber Security Guard (aka Don't Be Breached) informs Security Professionals and DBAs of Zero Day, Ransomware and Data Breach attacks within milli-seconds

Anitian

Anitian

The Anitian Compliance Automation platform builds, configures, and monitors cloud environments to accelerate compliance for standards such as FedRAMP, PCI, ISO/GDPR and CJIS.

Camel Secure - ZeroRisk

Camel Secure - ZeroRisk

Camel Secure is a company specialized in the development of products for information security and technology risk management.

OmniCyber Security

OmniCyber Security

Omni is a cyber security firm specialising in Penetration Testing, Managed Security and Compliance.

Amnesty Tech

Amnesty Tech

Amnesty Tech's Security Lab leads technical investigations into cyber-attacks against civil society and provides critical support when individuals face such attacks.

Prima Cyber Solutions (PCS)

Prima Cyber Solutions (PCS)

Prima Cyber Solutions is focused on protecting your business from the massive and devastating impacts that cyber-attacks may cause.

European Data Protection Supervisor (EDPS)

European Data Protection Supervisor (EDPS)

The EDPS is the European Union’s independent data protection authority. We monitor and ensure the protection of personal data and privacy when EU institutions and bodies process personal information.

Locuz

Locuz

At Locuz, we’ve made it our mission to help businesses like yours create an actionable digital strategy.

NPCERT

NPCERT

NPCERT is a team of Information Security experts formed to address the urgent need for the protection of national information and growing cybersecurity threat in Nepal.

Cyberlocke

Cyberlocke

Cyberlocke is dedicated to finding inventive solutions to meet the distinct IT obstacles of each organization we support.

Cyberoo

Cyberoo

We are Cyberoo, a European company specialized in Cybersecurity. We monitor your data security, leaving you free to focus on your business.