Cybercriminals in password theft are constantly developing new ways to deliver phishing emails.
They’ve learned to use a legitimate Facebook mechanism to send fake notifications threatening to block Facebook business accounts.
We explore how the scheme works, what to look for, and what measures to take to protect business accounts on social networks.
Anatomy of the Phishing Attack on Facebook Business Accounts
The phishing attack begins with a message from Facebook to the email address linked to the victim’s business account.
The email contains a menacing icon with an exclamation mark and a threatening text: “24 Hours Left To Request Review. See Why.”
According to the report from Kaspersky, the email warns that the Facebook business account could be blocked.
Despite the odd combination of words, a Facebook manager may, in haste or panic, fail to spot these irregularities and follow the link by clicking the button in the email or manually opening Facebook in a browser to check for notifications.
Scan Your Business Email Inbox to Find Advanced Email Threats - Try AI-Powered Free Threat Scan
Phishing Notification on Facebook
Upon logging into Facebook, the victim finds a notification with the exact threatening words: “24 Hours Left To Request Review. See Why.”
The notification alleges that the account and page are to be blocked due to non-compliance with the terms of service and prompts the victim to follow a link to dispute the decision.
Following the link opens a website bearing the Meta logo, not Facebook, with a similar message but a reduced time frame of 12 hours to resolve the issue.
This tactic is used across other Meta platforms, including Instagram.
Phishing Form for Personal Data
The phishing page initially asks for relatively innocent data: page name, first and last names, phone number, and date of birth.
The next screen requests the email address or phone number linked to the Facebook account and the password, which is the data the attackers are after.
Threat actors use hijacked Facebook accounts to send phishing notifications.
They changed the account name to “24 Hours Left To Request Review. See Why” and the profile picture to an orange icon with an exclamation mark.
The message about the account block is posted from the hijacked account, mentioning the victim’s page after several empty lines.
Attackers post such messages in bulk, mentioning a target Facebook business account.
As a result, Facebook sends notifications to all mentioned accounts, both within the social network and to the linked email addresses.
Because the delivery is via Facebook’s infrastructure, these notifications are guaranteed to reach their intended recipients.
Phishing isn’t the only threat to business accounts. Malware, known as password stealers and browser extensions, can also be used for hijacking.
Here are some recommendations for protecting your business’s social media accounts:
- Use Two-Factor Authentication: Always enable two-factor authentication wherever possible.
- Monitor Suspicious Login Attempts: Pay close attention to notifications about suspicious login attempts.
- Use Strong and Unique Passwords: Ensure all passwords are strong and unique. Generate and store them using a password manager.
- Verify Page Addresses: Carefully check the addresses of pages asking for account credentials. If you suspect a site is fake, do not enter your password.
- Equip Work Devices with Protection: Install reliable protection on all work devices to warn of danger ahead of time and block malware and malicious browser extensions.
By following these steps, businesses can better safeguard their social media accounts from phishing attacks and other cyber threats.
Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free