Phishing attack tries gain access to company’s social media account by claiming that the company’s Facebook page has violated policies by posting inappropriate content.
Threat Analyst Team
A targeted phishing attack mimicking a Meta notification is currently in circulation, aiming to gain access to company social media accounts.
The email starts by informing the victim that their "Business Manager" account has violated Facebook's policies by posting inappropriate content and has been scheduled for review. If the victim fails to respond within 24 hours, the account may be permanently suspended.
The email uses convincing language and creates a sense of urgency, prompting the victim to act and click on the malicious link in the email. Clicking on the link takes the victim to a webpage that closely resembles Meta's actual site, containing a form that claims to allow the victim to submit an appeal.
However, the form is designed to harvest the victim's account login credentials, as well as their personal information, which the attackers could potentially use to craft further spearphishing attacks.
The form also requires two-factor authentication, which allows malicious actors to harvest MFA tokens.
Although this phishing attack is highly sophisticated, examining the sender's address and the URL of the malicious webpage reveals that neither is related to Meta.
Off the hook – How to detect the attack and protect your organization from it
Always examine the sender's address to see if it makes sense in the context of the email. Make sure to hover over links before clicking on them, to verify where the link leads toIf in doubt, it's advisable to navigate manually to the webpage of the service provider instead of clicking on links in emails.