Facebook Phishing Emails Are Targeting Businesses

An increasing number of scams on Facebook are targeting business accounts and it is clear that fraudsters are more and more inventive in finding ways to trick people into giving away their money or sensitive personal information.  

In one exploit, criminals pretending to be Facebook administrators send messages to businesses claiming that their accounts will be deleted soon because they violate Facebook's terms and conditions. They accuse businesses of infringing copyright and trademark rights and posting inappropriate content.

After taking over someone's Facebook account, the fraudster changes the display name on the account to '24 Hours Left To Request Review. See Why' and changes their profile picture to an orange icon with an exclamation mark. They then publish posts from the hacked Facebook page, tagging business accounts. This then triggers the business to receive an email from Facebook saying their account has been blocked. These dodgy emails include a link to 'dispute the decision to block your account'. 

If you click through, you will be asked for your page name, first and last name, phone number, date of birth and the email address or phone number linked to your Facebook account and your password.

Leading cyber security firm, Kaspersky, has focused on examples of scammers hijacking Facebook profiles and sending phishing emails to business accounts on the social media platform and have recommendation for preventive security measures. 

How Scammers Hack Your Accounts

Fraudsters can access your online accounts in a variety of ways. If you find that one of your accounts has been hacked, you may be wondering how they gained access. Here are some of the main ways a hacker can gain access:

  • A data breach: This is when hackers gain access to a system that holds confidential data on people. Fraudsters can then use this data to gain access to accounts.
  • Responding to a phishing message: Scam messages that impersonate legitimate companies and contain links leading to malicious websites can be used to harvest personal details. Links can download malware to your device that steals your personal data, or cons you into entering your information on a website.
  • On-platform chain hacking: A fraudster posts links to dodgy websites in the comment section of social media posts, which then asks the victim to enter their social media account details, thereby giving the fraudster access to these details. The fraudster may also message the victim.
  • Impersonation: Impersonating one of their contacts to try and get them to share their two-factor authentication code. 
  • Credential stuffing: This is when hackers use one password they’ve successfully used to access other accounts from the same person.
  • Shoulder surfing: This is when a scammer looks over your shoulder and watches you log in to an account.
  • Malicious apps: Dodgy apps created by fraudsters that install malware on your device, which is then used to steal login information for your accounts.

Security Measures

Expert recommendation for preventive security measures on protecting yourself from hacking include:- 

  •  Use a unique password for each account: Don't use the same password across different accounts.
  • Use a reputable password manager: This will look after your passwords securely, so you don’t have to memorise them.
  • Create secure passwords: Read our guide to understand how to make better passwords.
  • Download antivirus software: On all of your devices.
  • Update your devices: Updates include protection from viruses.
  • Set up two-factor authentication (2FA) or two-step verification (2SV):  This is when you provide a separate form of identification – such as a code being sent via text – when you log into an account.

Recovering Hacked Accounts

If your account has been hacked, beware of recovery scammers contacting you on social media telling you that they can get your account back. They can’t, and this is just another scam. 

  • Go to the help page of the account provider and find out who to contact to get assistance with a hacked account.
  • Ensure you change your password and log out of your account on all devices.
  • Check to see if any new ‘rules’ have been set up on your email account that you haven’t created. These can control where emails about your account are forwarded to.
  • Tell your contacts know that you’ve been hacked and that any messages they receive are not from you.
  • Make sure you change passwords on other accounts in case fraudsters have also hacked into them, and check your bank statement for unauthorised transactions.

Make sure to report the incident to your local police or relevant law enforcement. In Britain, if you notice any unusual behaviour on your UK bank account, call your bank immediately using the number on the back of your bank card and report it to Action Fraud. 

Kaspersky   |     NCSC   |    Which   |   Which   |     NWCRC   |    LocalSearch   |   Indepnedent Garage Assoc 

Image: Ideogram

You Might Also Read: 

DMARC Email Validation: Cracking Down On Fraud:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Five Reasons Your Organization Needs API Security Testing
US Blocks Leading Cybersecurity Firm Kaspersky »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Mielabelo

Mielabelo

Belgian consulting firm providing services in the security and compliance of information systems and IT service management.

Axial

Axial

Axial Systems is one of the UK’s leading solution providers and systems integrators in network, security and services.

Cyber Fusion Center - Maryville University

Cyber Fusion Center - Maryville University

Maryville University Cyber Fusion Center is a virtual lab for working on real-world cyber security challenges.

Critical Infrastructures for Information and Cybersecurity (ICIC)

Critical Infrastructures for Information and Cybersecurity (ICIC)

ICIC addresses the demand for cybersecurity for National Public Sector organizations and civil and private sector organizations in Argentina.

Security Onion Solutions

Security Onion Solutions

Security Onion Solutions is the creator and maintainer of Security Onion, a free and open platform for threat hunting, network security monitoring, and log management.

Nubo Software

Nubo Software

Nubo’s Virtual Mobile Infrastructure creates a virtual corporate device on your employee smartphones and tablets. Enable unlimited mobility without leaving any data at risk.

Caretower

Caretower

Caretower is one of Europe’s leading value added managed service provider in cyber security.

Excelsecu Data Technology

Excelsecu Data Technology

Excelsecu is a global solution provider of online identity authentication, widely applied in banks, government bodies and enterprises.

Xopero Software

Xopero Software

Xopero Software develops a comprehensive range of professional tools for protecting and restoring critical business data.

ClearHub

ClearHub

The aim of ClearHub is simple: to give businesses like yours access to the best talent, all screened and technically tested by Clearvision’s expert team.

SOC Prime

SOC Prime

SOC Prime is the only Threat Detection Marketplace where researchers monetize their content to help security teams defend against attacks easier, faster and more efficiently than ever.

ZINAD IT

ZINAD IT

ZINAD is an information security company offering state-of-the-art cybersecurity awareness products, solutions and services.

Dig Security

Dig Security

Dig Security offers the first data detection and response (DDR) solution, providing real-time visibility, control and protection of your data assets across any cloud.

Cybecs Security Solutions

Cybecs Security Solutions

Cybecs was founded to address rapid technological advancement, changing business models, global privacy regulations, and increasing cyber threats for global organizations.

Prompt Security

Prompt Security

Prompt Security provides an LLM agnostic approach to ensure security, data privacy and safety across all aspects of Generative AI.

Greenway Solutions

Greenway Solutions

Greenway Solutions are trusted advisors relied upon by our clients to combat sophisticated adversaries in the fraud and security domain.