Hackers Are Blasting Facebook Users With Phishing Emails

Uploaded on 2022-05-04 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY--Hackers, FREE TO VIEW

Facebook has nearly 3 billion active global users offering a big target for cyber criminals who are impersonating Facebook, sending a wave of fake messages telling users that their account will soon be taken down due to content that has been reported as infringing the rights of another user. The phishing campaign aims to steal user passwords and other personal information.

This information comes from researchers at Abnormal Security who have released details of a large scale a phishing campaign targeting Facebook users.

As part of this fake appeals process, the Facebook user is told they must provide sensitive information, including their name and email address. When the recipient tries to submit the form, a pop-up appears asking them to enter their Facebook password. If they enter their password and click Continue, the attacker then has all of the information they need to access the target’s Facebook account. 

All of the information the target puts into the phishing page is harvested by the attacker, who can then use it to login to a victim’s Facebook page and potentially logs them out of it. If the password is used on any other sites, the attackers can leverage the credentials and break into other accounts

Phishing attacks like this are successful because they create a sense of urgency and what makes this attack particularly effective is that the threat actors are leveraging Facebook’s actual infrastructure to execute the attack. Rather than sending the target straight to the phishing site via a link in the email, the attackers first redirect them to a real post on Facebook. However, while the phishing email and phishing domain might have looked legitimate at first glance, there were clues that would have suggested that something  suspicious

For example, while the email contained Facebook branding and claimed to be from Facebook itself, the sender email address was not related to Facebook at all. In addition to this, attempting to reply to the sender email directs messages to an unrelated Gmail address. 

If you suspect your Facebook account has been hacked, Go to the Settings section on the Facebook site, then click on the Security and Login tab. This will tell you all the devices and locations that you’ve accessed your account from. 

If there are any login attempts that you don’t recognise, there’s a good chance you’ve been hacked. To flag these up as suspicious, click on the ‘Not You’ tab to the right of the information.

Facebook:       ABnormal:     MetaComploiance:      ZDNet:     Oodaloop:    IT Governance:    DataProt:    

You Might Also Read:  

Phishers Are Moving In On LinkedIn:

 

« Lapsus$ Hackers Targeted T-Mobile
Improve Your Password Security »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Lumeta

Lumeta

Lumeta’s cyber situational awareness platform is the unmatched source for enterprise network infrastructure analytics and security monitoring for breach detection.

MetricStream

MetricStream

MetricStream provide integrated GRC solutions across business, IT, and security functions.

VdS

VdS

VdS is an independent safety and security testing institution. Cybersecurity services include standards, audit/assessment and certification for SMEs.

GreyCastle Security

GreyCastle Security

GreyCastle Security is a leading cybersecurity services provider dedicated exclusively to cybersecurity and the practical management of cybersecurity risks.

SaferVPN

SaferVPN

SaferVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference is a non-profit, annual, information security conference located in Halifax, Nova Scotia, Canada.

TechRate

TechRate

Techrate is an analytics agency focused on blockchain technology and engineering. Or expertise includes security and technical audits of projects.

Level39 (L39)

Level39 (L39)

Level39 is the world's most connected tech community, with over 200 tech startups and scaleups based onsite.

Reed

Reed

reed.co.uk is a leading job site in the UK, providing a full online service for anyone looking for a new job.

SessionGuardian

SessionGuardian

SessionGuardian (formerly SecureReview) is the world's first and only technology which ensures second-by-second biometric identity verification of your remote user, from log on to log off.

BlackFog

BlackFog

BlackFog is a leader in device data privacy, data security and ransomware prevention. Our behavioral analysis and anti data exfiltration technology stops hackers before they even get started.

Trustifi

Trustifi

Trustifi leads the market with the easiest to use and deploy email security products, providing both inbound and outbound email security from a single vendor.

Quantum Ventura

Quantum Ventura

Quantum Ventura is a technology innovation company with a single mission of delivering customer-centric advanced solutions to US Federal & State Governments and Private Sector customers.

NSW IT Support

NSW IT Support

NSW IT Support: Your exclusive hub for comprehensive Business IT services in Sydney. Our skilled team ensures seamless technology solutions nationwide, consistently delivering top-tier IT support.

Cyber Unicorns

Cyber Unicorns

Cyber Unicorns is a cyber security consultancy created to help drive cyber security outcomes in the small to medium-sized business space.

USX Cyber

USX Cyber

USX Cyber was founded on the idea that small and medium businesses deserve and require the same level and sophistication of cyber protection as large enterprises.