Advanced phishing attack mimics Facebook policy violation notification

A targeted phishing attack mimicking a Meta notification is currently in circulation, aiming to gain access to company social media accounts.

The email starts by informing the victim that their "Business Manager" account has violated Facebook's policies by posting inappropriate content and has been scheduled for review. If the victim fails to respond within 24 hours, the account may be permanently suspended.

Screenshot of targeted phishing attack mimicking Meta

The email uses convincing language and creates a sense of urgency, prompting the victim to act and click on the malicious link in the email. Clicking on the link takes the victim to a webpage that closely resembles Meta's actual site, containing a form that claims to allow the victim to submit an appeal.

However, the form is designed to harvest the victim's account login credentials, as well as their personal information, which the attackers could potentially use to craft further spearphishing attacks.

Screenshot of credential harvester used in this campaign

The form also asks the victim to complete two-factor authentication, which allows the malicious actors to harvest the MFA token as well.

Although this phishing attack is highly sophisticated, examining the sender's address and the URL of the malicious webpage reveals that neither is related to Meta.

Off the hook – How to detect the attack and protect your organization from it

Always examine the sender's address to see if it makes sense in the context of the email. Make sure to hover over links before clicking on them to verify where each link actually leads. If in doubt, it is advisable to navigate manually to the service provider's website instead of clicking on links in emails.
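As an added example (not code from the original post), the following Python script automates the two checks above, the sender's address and where each link really leads, against a constructed sample modelled on this lure. The allowlist of Meta domains and every address and domain in the sample are assumptions.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Domains genuine Meta notifications are expected to come from or link to (assumed allowlist).
TRUSTED_DOMAINS = {"facebook.com", "facebookmail.com", "meta.com"}

# Constructed sample modelled on the lure described above (not a real message).
SAMPLE = """\
From: Meta Business Support <noreply@business-appeal-center.example>
Reply-To: support@business-appeal-center.example
To: admin@victim-company.example
Subject: Your Business Manager account has been scheduled for review
Content-Type: text/html; charset="utf-8"

<p>Your page violated our policies. Respond within 24 hours or it will be suspended.</p>
<p><a href="https://business-appeal-center.example/appeal">https://www.facebook.com/business/help</a></p>
"""

def is_trusted(host):
    """True if the registrable domain (naive last-two-labels rule) is on the allowlist."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) in TRUSTED_DOMAINS

def check_message(raw):
    """Automate the two manual checks: sender domain and where each link really leads."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for hdr in ("From", "Reply-To"):
        # msg.get() returns None when the header is absent; getattr() then yields ()
        for addr in getattr(msg.get(hdr), "addresses", ()):
            if not is_trusted(addr.domain):
                findings.append(f"{hdr} domain is not Meta's: {addr.domain}")
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return findings
    # Simplified anchor extraction; use a real HTML parser in production.
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body.get_content(), re.I | re.S):
        host = urlparse(href).hostname or ""
        if not is_trusted(host):
            findings.append(f"link target is not Meta's: {href}")
        shown = urlparse(text.strip()).hostname  # what the victim sees vs. what hovering reveals
        if shown and shown != host:
            findings.append(f"visible text {text.strip()} hides target {host}")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print("SUSPICIOUS:", finding)
```

On the sample, the script reports the unrelated From and Reply-To domains, the link target outside Meta, and the facebook.com text that masks the real destination.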
