
A new phishing campaign is targeting businesses using Meta ads. Attackers claim that your account was banned, but instead of fixing the problem, you get hacked.
Meta reports having over 10 million active advertisers across its platforms, with various businesses depending on social media ads. However, no one can feel safe, as cybercriminals have started targeting advertisers in order to hijack their accounts.
Users have started to receive fake emails claiming that their ads have been suspended. The email, purportedly from Meta’s support, states that the user has violated Meta’s advertising policy and EU digital regulations, including GDPR.
The user is then urged to click the “Check more details” link to appeal the “ban” on the company’s ads. However, instead of solving the alleged ad problem, the victim gets hacked.
Fake Meta support
In the new phishing campaign, identified by security firm Cofense, crooks go the extra mile: once the victim clicks the malicious link, they are taken to a fake Meta support page.
On the spoofed page, the victim is further warned that their account is at risk of suspension and termination. The victim is prompted to click the “Request review” button and provide sensitive information, such as their name and business email, to proceed to a chat support agent.
“Welcome to our support center. A Meta representative will join you shortly,” greets the fake chatbot. The fake Meta representative persuades users to send screenshots of their business accounts, most likely for screening purposes, to target high-value victims. If the cybercriminals see fit, they instruct the user to perform a “system check.”
Once the user clicks the button, the page reloads and asks them to enter their Facebook password, which results in the hacker taking over the user’s account.
If the victim does not fall for the trick, cybercriminals have prepared another test – a supposed Two-Factor Authentication (2FA) “setup guide.”
The crooks promise that this will fix the problem of account suspension, and it sounds quite tempting as it is a faster solution than dealing with a support agent. However, if the victim follows the instructions, they will also lose access to their accounts.

Always pay attention to details
It’s always important to pay attention to details. This case is no different. The sender of a phishing email is not [email protected] but rather [email protected], indicating straight away that the email is fake.
The support page also shows signs of a scam, as the URL on the browser’s address bar reveals that they are not on a legitimate Meta domain. Instead, the users are presented with businesshelp-manager.com.
“The campaign demonstrates a high level of attention to detail, with emails and landing pages that closely resemble legitimate communications,” write Cofense researchers.
“The inclusion of live agent support adds an additional layer of deception, making users believe they are interacting with Meta's official support team.”
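The sender and URL checks described above can be automated during mail triage. The following Python is an added example, not code from Cofense or Meta: it flags a Meta-branded message whose sender domain or link hosts are not on a Meta domain. The list of Meta-owned domains, the sender address `support@sender.example`, the `/appeal` path and the message text are constructed assumptions; businesshelp-manager.com is the domain reported above.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains treated as legitimately Meta-owned for this check.
META_DOMAINS = {"meta.com", "facebook.com", "fb.com", "facebookmail.com", "instagram.com"}
BRAND_WORDS = re.compile(r"\b(meta|facebook|instagram)\b", re.I)
HREF = re.compile(r'href=["\']([^"\']+)["\']', re.I)

def on_meta_domain(host):
    """True if host is a Meta domain or a subdomain of one (match on a label boundary)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in META_DOMAINS)

def check_message(raw):
    """Return findings for a message that presents itself as coming from Meta."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "")
    # Only messages that use Meta branding in the display name or subject are checked.
    if not (BRAND_WORDS.search(display) or BRAND_WORDS.search(subject)):
        return []
    findings = []
    sender_host = addr.rpartition("@")[2]
    if not on_meta_domain(sender_host):
        findings.append(f"sender domain {sender_host!r} is not a Meta domain")
    for url in HREF.findall(msg.get_payload()):
        host = urlsplit(url).hostname
        if not on_meta_domain(host):
            findings.append(f"link host {host!r} is not a Meta domain")
    return findings

# Constructed sample message (not a captured email from the campaign).
SAMPLE = """\
From: "Meta Ads Support" <support@sender.example>
Subject: Your ads have been suspended
Content-Type: text/html

<p>Your ads violated our advertising policy.</p>
<a href="https://businesshelp-manager.com/appeal">Check more details</a>
<a href="https://www.facebook.com/business/help">Help center</a>
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

The suffix match on a label boundary matters: a host such as `facebook.com.businesshelp-manager.com` contains a Meta domain as a substring but is still rejected.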