Hackers Are Blasting Facebook Users With Phishing Emails

Uploaded on 2022-05-04 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY--Hackers, FREE TO VIEW

Facebook has nearly 3 billion active global users offering a big target for cyber criminals who are impersonating Facebook, sending a wave of fake messages telling users that their account will soon be taken down due to content that has been reported as infringing the rights of another user. The phishing campaign aims to steal user passwords and other personal information.

This information comes from researchers at Abnormal Security who have released details of a large scale a phishing campaign targeting Facebook users.

As part of this fake appeals process, the Facebook user is told they must provide sensitive information, including their name and email address. When the recipient tries to submit the form, a pop-up appears asking them to enter their Facebook password. If they enter their password and click Continue, the attacker then has all of the information they need to access the target’s Facebook account. 

All of the information the target puts into the phishing page is harvested by the attacker, who can then use it to login to a victim’s Facebook page and potentially logs them out of it. If the password is used on any other sites, the attackers can leverage the credentials and break into other accounts

Phishing attacks like this are successful because they create a sense of urgency and what makes this attack particularly effective is that the threat actors are leveraging Facebook’s actual infrastructure to execute the attack. Rather than sending the target straight to the phishing site via a link in the email, the attackers first redirect them to a real post on Facebook. However, while the phishing email and phishing domain might have looked legitimate at first glance, there were clues that would have suggested that something  suspicious

For example, while the email contained Facebook branding and claimed to be from Facebook itself, the sender email address was not related to Facebook at all. In addition to this, attempting to reply to the sender email directs messages to an unrelated Gmail address. 

If you suspect your Facebook account has been hacked, Go to the Settings section on the Facebook site, then click on the Security and Login tab. This will tell you all the devices and locations that you’ve accessed your account from. 

If there are any login attempts that you don’t recognise, there’s a good chance you’ve been hacked. To flag these up as suspicious, click on the ‘Not You’ tab to the right of the information.

Facebook:       ABnormal:     MetaComploiance:      ZDNet:     Oodaloop:    IT Governance:    DataProt:    

You Might Also Read:  

Phishers Are Moving In On LinkedIn:

 

« Lapsus$ Hackers Targeted T-Mobile
Improve Your Password Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Feitian Technologies

Feitian Technologies

Feitian Technologies provides authentication and transaction security products for financial institutions, telecoms, government and leading business enterprises.

Quttera

Quttera

Quttera provides Website Security Solutions for Small & Medium Businesses, Enterprises and Organizations.

Avanan

Avanan

Avanan is The Cloud Security Platform. Protect all your SaaS applications using tools from over 60 industry-leading vendors in just one click.

France Cybersecurity

France Cybersecurity

France Cybersecurity represents the French cybersecurity industry to raise international awareness of French cybersecurity capabilities and solutions.

PeCERT

PeCERT

PeCERT is the national Computer Emergency Response Team for Peru.

Resource Centre for Cyber Forensics (RCCF)

Resource Centre for Cyber Forensics (RCCF)

RCCF is a pioneering institute, pursuing research activities in the area of Cyber Forensics.

Korea Information Security Industry Association (KISIA)

Korea Information Security Industry Association (KISIA)

KISIA is a non-profit organization for the information security industry in Korea.

Tyler Technologies

Tyler Technologies

Tyler Technologies is a leading provider of end-to-end information management solutions and services for local governments.

Sentor Managed Security Services

Sentor Managed Security Services

Sentor Managed Security Services is a cybersecurity company that enables organizations to exist in a digitally connected world.

Stratus Technologies

Stratus Technologies

Edge Computing solves the inherent challenges of bandwidth, latency, and security at edge locations to enable IIoT devices and data acquisition.

VISTA InfoSec

VISTA InfoSec

VISTA InfoSec is a global Information Security Consulting firm with offices based in US, UK, Singapore and India.

Testhouse Ltd

Testhouse Ltd

Testhouse is a thought leader in the Quality Assurance, software testing and DevOps space. Founded in the year 2000 in London, UK, with a mission to contribute towards a world of high-quality software

Ethiopian Cybersecurity Association (ECySA)

Ethiopian Cybersecurity Association (ECySA)

ECySA was formed to play an influential part in the ongoing and dawning cybersecurity practices of Ethiopia, efficiently creating public and private awareness on all kinds of cyber risks and threats.

Gravitee

Gravitee

Gravitee helps organizations manage and secure their entire API lifecycle with solutions for API design, management, security, productization, real-time observability, and more.

Oligo Security

Oligo Security

Oligo aims to streamline the usage of open source by making it secure and easy to protect. Through focusing developers on the relevant vulnerabilities we make the fixing process significantly shorter.

Hushmesh

Hushmesh

Hushmesh is a start-up aimed at securing the world’s digital infrastructure by developing develop the Mesh, a global information space with automated security built in.