FACEBOOK business pages have become the target of a new fraudulent scheme.
This is according to top cyber-security company Kaspersky, which said scammers were using legitimate Facebook infrastructure to send deceptive emails with threats of account suspension.
“Cyber criminals have devised a method to use authentic Facebook functions to send fake suspension warnings to business accounts.
“These emails, originating from Facebook, contain alarming messages such as ‘24 hours left to request review. See why’.”
Kaspersky cyber security expert, Andrey Kovtun, said even notifications that appear legitimate and come from a trusted source such as Facebook can be deceptive.
“It’s crucial to carefully examine the links you are prompted to follow, especially when it involves entering data or making payments. This can make a significant difference in protecting your business accounts from phishing attacks.”
Kaspersky explained that clicking the email link leads to a genuine Facebook page displaying a similar warning.
After that, the user is redirected to a phishing site disguised with Meta branding, which reduces the stated time to resolve the issue from 24 to 12 hours.
“Finally, the phishing site asks for innocuous information, followed by a request for the account’s email, or phone number and password.
“The attackers utilise compromised Facebook accounts to send these notifications. They change the account name to a threatening message and the profile picture to an exclamation mark, after which they create posts mentioning the targeted business accounts.
“And because delivery is via the actual Facebook infrastructure, these notifications are guaranteed to reach their intended recipients,” the cyber security company added.
Recommendations:
- Avoid opening links received in suspicious email messages. If you need to sign in to your account with the organisation, type in the address manually or use a bookmark.
- Invest in additional cyber-security courses for staff to keep them up to date with the latest knowledge.
- To protect the company against a wide range of threats, use solutions that provide real-time protection, threat visibility, investigation and response capabilities.
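Because the chain described above starts on a genuine Facebook page, the link check has to be applied to the page that finally asks for the password, not only to the first link. The following is an added example, not code from Kaspersky or the original article, that judges the real host of the last URL in a click chain; the trusted-domain list and every sample URL are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption for this example: the domains treated as genuine.
TRUSTED_DOMAINS = ("facebook.com", "meta.com")


def host_verdict(url):
    """Classify a URL by the host the browser would actually contact."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "invalid"
    if parts.scheme != "https" or not host:
        return "untrusted: not an https URL with a host"
    for domain in TRUSTED_DOMAINS:
        # Exact match or a true subdomain only. A substring test would accept
        # facebook.com.appeal.example.net; text before "@" is userinfo, not host.
        if host == domain or host.endswith("." + domain):
            return "trusted"
    return "untrusted: " + host


def credential_page_verdict(chain):
    """Judge the last URL of a click chain: the page that asks for the password."""
    return host_verdict(chain[-1]) if chain else "invalid"


# Constructed sample chains; example.net and .example hosts are placeholders.
SAMPLES = {
    "genuine": ["https://www.facebook.com/login"],
    "redirected": [
        "https://www.facebook.com/placeholder-post",
        "https://meta-review.example/appeal",
    ],
    "userinfo": ["https://facebook.com@login.example.net/review"],
    "prefix": ["https://www.facebook.com.appeal.example.net/"],
}

if __name__ == "__main__":
    for name, chain in SAMPLES.items():
        print(f"{name:10} {credential_page_verdict(chain)}")
```

Only the "genuine" chain is reported as trusted; the other three end on a host outside the trusted domains even though each begins with, or contains, a Facebook name.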