© 2023 CyberNews - Latest tech news,
product reviews, and analyses.


Facebook users targeted in copyright infringement scam

Hackers are sending fake copyright infringement notices to Facebook users to steal their credentials, new research by Avanan has found.

In a phishing attack that primarily targets organization accounts, users would receive fake copyright infringement notices threatening to terminate their pages – unless they immediately take action.

"Your account has been suspended. This is because your account, or activity on it, doesn't follow our Community Standards," read one such message shared by Avanan.

The fake notice went on to say that a photo uploaded to the account's page violated Facebook's copyright infringement policy and that the decision could be appealed within 24 hours.

"If you miss the deadline, your account will be permanently disabled," the message warned, instructing the recipient to follow a link to make an appeal.

Copyright infringement phishing message. Image by Avanan

While the link looked legitimate, hovering over it made it clear it did not lead to a Facebook-related page, Avanan said. Instead, it led to a credential-harvesting website.

Researchers also noted that the sender's address was visibly fake but said the spoof email was otherwise "fairly believable." Like all effective phishing schemes, it plays on the urgency of a matter and even mentions the page it targets by name.

Organizations that rely on their Facebook page for advertisement, awareness, and other business activities could be particularly vulnerable, Avanan said.

"Filing a quick appeal seems reasonable. That's where the hackers try to get you," it said, adding that "waves" of these emails indicate the scam was working.

"When we see a number of similar attacks spoofing the same brand, we know that the hackers are getting people to bite," researchers noted.

Security professionals advise users to always hover over all links before clicking them and double-check sender addresses to avoid getting duped. Instead of clicking on the link in the email, it is advisable to log into the Facebook account directly to check its status.
