Digital security professionals have uncovered a new phishing scam targeting businesses that promote their Facebook pages. Scammers send emails that mimic official messages allegedly sent on behalf of Meta for Business – Facebook’s platform for businesses. These claim the business page contains prohibited content.
The email then suggests that users provide explanations in order for their account and page to be unblocked. The attackers’ goal appears to be gaining access to the users’ business accounts.
However, examining the “From” field in the email shows that the sending domain is not one of the official Facebook or Meta domains. This clearly indicates a fake web domain.
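One way to automate the “From” check described above, as an added example that is not part of the original article. The domain allowlist and brand keywords are assumptions to be replaced with the senders your organisation has verified, and the sample headers are constructed.

```python
from email.utils import parseaddr

# Assumption: illustrative allowlist, not taken from the article. Confirm the
# domains your organisation really receives Meta notifications from.
OFFICIAL_DOMAINS = {"facebook.com", "facebookmail.com", "meta.com"}
# Assumption: words that suggest the message claims to come from Meta.
BRAND_WORDS = ("meta", "facebook")


def sender_domain(from_header):
    """Return the lower-cased domain of the From address, or '' if none."""
    _, addr = parseaddr(from_header)
    local, sep, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if sep and local else ""


def is_official(domain):
    """Exact match or true subdomain only, so 'facebook.com.evil.example' fails."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify(from_header):
    """Label a From header by comparing its domain with the allowlist."""
    display, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if is_official(domain):
        # Only the header text matches; SPF/DKIM/DMARC still decide authenticity.
        return "official-domain"
    claims_brand = any(w in display.lower() or w in domain for w in BRAND_WORDS)
    return "brand-impersonation" if claims_brand else "unrelated"


# Constructed sample headers (not real campaign data).
SAMPLES = [
    '"Meta for Business" <notice@facebookmail.com>',
    '"Meta for Business" <support@pages-review.example>',
    "Support <case@facebook.com.account-check.example>",
    '"Newsletter" <news@shop.example>',
    "no address here",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify(header):20} {header}")
```

The “brand-impersonation” result is the case the article describes: a display name or domain that invokes Meta or Facebook while the actual sending domain is outside the official set.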
New Sophistication in Scam
Kaspersky, the digital security software company, has confirmed that the data contained in the emails in this scam campaign was sent from non-original destinations.
The link in the email redirects users to Facebook Messenger, creating the impression that this is a legitimate query. The respondents are also posing as Facebook support personnel from their “Content Moderation Hub”, trying to assist businesses in resolving the query.
The whole scenario is designed to create trust, with businesses often reacting with concern that they have posted illegal content.
The scheme shows a higher level of sophistication, with a direct response mechanism within the Facebook ecosystem itself. This is in contrast to previous scams, where the response mechanism was limited to emails that indicated copyright infringements.
Businesses Must Ensure Multi-Layered Security
Businesses have been advised not to engage with suspicious or unauthenticated email accounts and to report any such activity to Facebook directly.
Companies have been advised to utilise additional security standards. These would include two-factor confirmation protocols, which are also useful in preventing unauthorised access to Business accounts on Facebook.