Hundreds of companies have been targeted in a new Facebook phishing campaign that emerged late last year.
The campaign began around December 20th and primarily targets business enterprises, according to cybersecurity firm Check Point, which identified and analyzed the scam.
Over 12,000 emails have been sent as part of the campaign to hundreds of companies, primarily across the EU, the US, and Australia, the researchers said.
However, versions of the notifications have also been found in Chinese and Arabic, indicating that the campaign targeted companies across geographic locales.
The cybercriminals use the automated mailing service that belongs to Salesforce as a marketing tool. They did not breach any terms of service or the Salesforce security systems.
“Rather, they use the service normally and choose not to change the sender ID,” Check Point said. As a result, the fake emails are branded with the [email protected] email address, possibly to make them appear more legitimate.
The emails contain phony versions of the Facebook logo and falsely notify recipients of copyright infringement.
“It has come to our attention that the content you’ve shared includes music owned by Universal Music Group (UMG), which was utilized without the required licensing or authorization,” one of the emails shared by security researchers read.
It warned the recipient that “your recent activity might be in violation of copyright laws,” and attempted to create a sense of urgency – a telltale sign of a scam – by prompting them to respond by the end of a business day.
According to researchers, victims click on a link that leads to a fake Facebook support page, where they are asked to type in their details and unwittingly provide their credentials to cybercriminals.
The text on the page says that the credential details are needed to “review” the account, rather than disable it. Losing a Facebook account can be particularly damaging to businesses that rely on it for their sales.
“Any cybercriminal who gains access to a Facebook admin account can potentially gain control over a business page. The individual can then alter content, manipulate messaging, or delete posts. Security settings could also be changed, preventing authentic administrators from easily re-accessing the account,” cybersecurity experts warned.
“An account breach of this nature can subsequently result in loss of client trust. After a Facebook account is hijacked, clients may perceive a business as negligent, and may move away from the business or pursue lawsuits,” they said.
“Further, for businesses in regulated industries, like healthcare and finance, a data breach could lead to non-compliance, culminating in fines and legal challenges.”
Déjà vu
Cybernews has previously reported on a version of the copyright infringement scam that has been making rounds since at least 2023. Users complained about being locked out of their accounts with Meta-owned Facebook doing little to help them reinstate their access.
Victims reported their accounts being renamed to “Meta Copyright Infringement” and sometimes disabled. Some said that they’d experienced credit card fraud, suffered damages over suspended business accounts, or lost pictures posted over the years as a result.
Others recounted how their hacked accounts were used to share explicit or violent content, with one user saying a picture of two men carrying AK-47 guns was posted on their behalf “written in a language I do not understand.”
Users also complained that they struggled with the appeal process, expressing frustration over the lack of communication from Facebook.
According to cybersecurity experts, there is little that can be done once the account is hijacked. Users can go through the account recovery process, but any data removed or retrieved by the scammers may be lost forever.
If there is financial damage involved, time is of the essence – the sooner the victim contacts their bank if they had their credit or debit card number exposed, the easier it will be to recover the damages.
According to experts, implementing additional security layers and educating employees and customers about cyber threats remain key measures that organizations can take to avoid falling victim to phishing attacks.
Your email address will not be published. Required fields are markedmarked