New Facebook attack warning issued.
What do Netflix, PayPal, WhatsApp, Beyoncé and Facebook have in common? The answer is, sadly, they are all at the centre of hacking attacks designed to part you from your passwords, confidential data or hard-earned cash. Security experts have warned of an ongoing threat campaign against the latter of these, Facebook, which could have serious implications for those on the receiving end of the attack emails concerned. Here’s what you need to know and what you need to do. Now.
Facebook Phishing Campaign Has Consequential Implications For Thousands
A new warning from the security experts at Check Point has highlighted an ongoing attack campaign targeting the Facebook brand, the third biggest for reach behind Google and YouTube. “When a phishing campaign leverages the Facebook brand,” Check Point said, “the implications are particularly consequential.”
This new attack campaign has already been sent to more than 12,000 individual email addresses, and targeted hundreds of organizations for good measure. First observed Dec. 20, the attacks are primarily against people located in the U.S. (45%) and Europe (45.5%) with some hitting Australian victims.
Check Point said the phishing emails are sent using an automated mailing service belonging to Salesforce, a marketing tool, and carry a noreply@salesforce.com return address for added authenticity. We’ve seen this kind of email domain deception in attacks pretending to originate from Google support in the past. The emails themselves adopt a strategy of a false copyright infringement notification from Facebook: “It has been reported that your recent activity might be in violation of copyright laws.”
Fall for the bait and you are taken to a fake Facebook support page where you will be encouraged to enter account credentials to proceed and rectify the alleged infraction. “Text on the page suggests that the credential details are critical in having the account ‘reviewed’, rather than disabled,” Check Point said.
Mitigating The Facebook Phishing Attack Threat
An attacker who gains control of a Facebook admin account can likely also gain control of the associated business page, and an individual account can be abused just as easily: to alter content, manipulate messaging, and change security settings so that the genuine user cannot regain access. Mitigating such attacks is vital to protect brand reputation and to prevent threat actors from using your account for further threat distribution and fraud.
Check Point recommended that organizations:
- Set up alerts
- Educate employees
- Educate customers
- Maintain an incident response plan
Facebook, meanwhile, advised consumers not to click on links or open attachments from unknown sources, and to pay close attention to messages that contain urgent demands and ask for passwords, account details, or other personal information. “Scammers frequently use deceptive email addresses that closely resemble official support accounts, but they are not legitimate,” Facebook warned. “Emails about your Facebook account will always come from: fb.com, facebook.com, facebookmail.com, support.facebook.com.” I have reached out to Meta for a statement.
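As an added example (not code from Check Point, Facebook or the original article), the "set up alerts" advice can be implemented as a mail triage check that flags messages presenting themselves as Facebook while coming from a domain outside the list Facebook gives above. The keyword test for Facebook branding, the acceptance of subdomains and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Sender domains Facebook lists in the advisory quoted above.
FACEBOOK_DOMAINS = {"fb.com", "facebook.com", "facebookmail.com", "support.facebook.com"}
# Assumption: this keyword is enough to say a message presents itself as Facebook.
BRAND_WORDS = ("facebook",)


def sender_domain(msg):
    """Return the lower-cased domain of the From header, or '' if unparseable."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""


def is_facebook_domain(domain):
    """Exact match or a true subdomain (assumption); 'facebook.com.evil.example' fails."""
    return any(domain == d or domain.endswith("." + d) for d in FACEBOOK_DOMAINS)


def claims_facebook(msg):
    """True when the display name or subject uses the Facebook brand."""
    name, _ = parseaddr(msg.get("From", ""))
    text = (name + " " + msg.get("Subject", "")).lower()
    return any(word in text for word in BRAND_WORDS)


def triage(raw):
    """Classify one raw message: 'alert', 'ok' or 'ignore' (not Facebook-branded)."""
    msg = message_from_string(raw)
    if not claims_facebook(msg):
        return "ignore"
    return "ok" if is_facebook_domain(sender_domain(msg)) else "alert"


# Constructed sample messages, not taken from the campaign.
SAMPLES = {
    "campaign-style": "From: Facebook <noreply@salesforce.com>\nSubject: Copyright violation notice\n\nbody",
    "lookalike": "From: Facebook Support <help@facebookmail.com.example.net>\nSubject: Account review\n\nbody",
    "genuine-domain": "From: Facebook <security@facebookmail.com>\nSubject: Login alert\n\nbody",
    "unrelated": "From: Billing <noreply@salesforce.com>\nSubject: Your invoice\n\nbody",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label}: {triage(raw)}")
```

A From header can itself be forged, so an "ok" result here only means the brand and the claimed domain agree; pair it with the receiving server's SPF, DKIM and DMARC results before trusting the message.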
This article was originally published by www.forbes.com.