Fraudsters target business Facebook accounts using Meta's infrastructure and branding

13 June 2024

Kaspersky has discovered a new phishing scam targeting business Facebook accounts, using legitimate Facebook services to send misleading emails with threats to suspend the account. Cybercriminals have devised a method to use authentic Facebook features to send fake suspension warnings to business accounts. These emails, originating from Facebook, contain warning messages such as "24 hours remain to submit a review request. See why."

Clicking on the email takes the recipient to a genuine Facebook page with a corresponding warning. The user is then redirected to a phishing page disguised under the Meta name, where the stated resolution time drops from 24 to 12 hours. The phishing site first asks for harmless information, and then requests the account email or phone number, and password.

The perpetrators are using compromised Facebook accounts to send these notifications. They change the account name to a threatening message and the profile picture to an exclamation point, and then create posts that mention the targeted business accounts. Because the delivery is done through Facebook's actual infrastructure, these alerts definitely reach their intended recipients.

  • Avoid opening links in suspicious emails. If you need to log in to your account at the organisation the email refers to, type in the address yourself or use a bookmark.
  • To protect your company from a wide range of threats, use solutions that provide real-time protection, threat visibility, EDR and XDR investigation and response capabilities for organizations of all sizes and industries. Depending on your current needs and available resources, you can choose the most appropriate product category and easily switch to another if your cybersecurity requirements change.
  • Invest in cybersecurity training programs for your staff to keep them up to date with the latest knowledge.