- Hackers spoof Facebook alerts using real facebookmail.com domain to phish Business Suite users
- Over 40,000 emails sent; one firm received 4,000+—mostly templated, wide-net campaigns
- Defense requires MFA, password managers, staff training, and vigilant account monitoring
Cybercriminals are targeting Facebook Business Suite users with highly convincing phishing emails, tricking them into handing over login credentials and other valuable information, experts have warned.
The social network’s business platform lacks appropriate identity safeguards, allowing hackers to impersonate Facebook itself and abuse the trust users have in the platform, experts from Check Point Research (CPR) found.
The Facebook Business Suite is a centralized platform that allows businesses to manage their Facebook, Instagram, and Messenger accounts in one place. It is mostly used by small and medium-sized businesses (SMB), social media managers, and marketers.
What can be done?
However, when a malicious actor creates a new Facebook Business page, they can simply set up a name and upload a logo that mimics official Facebook branding and send out phishing emails that appear as official Facebook alerts.
“Crucially, these messages are sent from the legitimate facebookmail.com domain,” the researchers explained, “most users are trained to distrust strange-looking sender addresses, but in this case, the emails come from a domain they know and trust. As a result, the phishing messages are far more convincing.”
The notifications the attackers send out usually revolve around topics that might be interesting to SMBs and mid-market enterprises – account verifications, Meta partner programs, or free advertising credit programs.
So far, the attackers sent out more than 40,000 phishing emails to Check Point’s customer base (roughly 5,000 entities), which means the actual scale of the operation is likely much bigger.
Among CPR’s customers, most received fewer than 300 emails, but one company was flooded with more than 4,000 messages. Most of the messages are templated, which means the goal was not to compromise specific organizations, but rather to cast a wide net and see who gets caught.
The victims are primarily located in the US, Europe, Canada, and Australia.
There are a number of things that can be done to defend against these sophisticated phishing attacks.
Primarily, users should use a centralized password manager and enable multi-factor authentication (MFA) on all accounts. Then, they should make sure to carefully verify sender authenticity and educate their employees and social media managers on the risk of social engineering on the platform.
Finally, they should monitor their accounts for suspicious activity and report all phishing attempts to Facebook.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/67QEkNmhnhtgeAtjNJ4fdJ-970-80.jpg
Source link
