New Facebook attack warning issued.
Update, Feb. 7, 2025: This story, originally published Feb. 6, has now been updated to include a new report on phishing kits as the Facebook scam attacks continue.
What do Netflix, PayPal, WhatsApp and Facebook have in common? The answer is, sadly, that they are all at the centre of hacking attacks designed to part you from your passwords, confidential data or hard-earned cash. Security experts have warned of an ongoing threat campaign against the last of these, Facebook, which could have serious implications for those on the receiving end of the attack emails concerned. Here’s what you need to know and what you need to do. Now.
Facebook Phishing Campaign Has Consequential Implications For Thousands
A new warning from the security experts at Check Point has highlighted an ongoing attack campaign targeting the Facebook brand, the third biggest for reach behind Google and YouTube. “When a phishing campaign leverages the Facebook brand,” Check Point said, “the implications are particularly consequential.”
This new attack campaign has already been sent to more than 12,000 individual email addresses, and targeted hundreds of organizations for good measure. First observed Dec. 20, the attacks are primarily against people located in the U.S. (45%) and Europe (45.5%) with some hitting Australian victims.
The phishing emails are sent through an automated mailing service belonging to Salesforce, a legitimate marketing tool, Check Point said, which gives them a noreply@salesforce.com return address for added authenticity. We’ve seen this kind of email domain deception in attacks pretending to originate from Google support in the past. The emails themselves adopt the strategy of a false copyright infringement notification from Facebook: “It has been reported that your recent activity might be in violation of copyright laws.”
Fall for the bait and you are taken to a fake Facebook support page where you will be encouraged to enter account credentials to proceed and rectify the alleged infraction. “Text on the page suggests that the credential details are critical in having the account ‘reviewed’, rather than disabled,” Check Point said.
The Rise Of Phishing-As-A-Service Impacts More Than Just Facebook
Managed network security provider LevelBlue has just published its first threat trends report for 2025, and it doesn’t bode well for those looking for some respite when it comes to phishing attacks of the type being experienced by Facebook users. The analysis of “dominant cyber threat activity” found that phishing-as-a-service kits continue to gain traction. “Because PhaaS kits are increasingly accessible,” the LevelBlue report stated, “it is easier for threat actors to carry out advanced phishing attacks with minimal technical knowledge.” The threat intelligence analysts also said that a new phishing kit service, known as RaccoonO365, using methods to intercept both passwords and two-factor authentication session cookies, is of particular note.
“Businesses continue to use outdated security protocols and tools; neglect simple, preventive measures, such as enforcing MFA or regularly patching software; and find themselves victims of human error, especially in the form of phishing and social engineering,” says Ken Ng, the lead cybersecurity specialist at LevelBlue’s Threat Hunting division. “The findings within our report will arm security practitioners to become more proactive in defending businesses of all sizes against today’s most prevalent threats.”
Mitigating The Facebook Phishing Attack Threat
An attacker who gains control over a Facebook admin account can likely also take control of the associated business page; a compromised individual account can be abused just as easily. In either case the attacker can alter content or manipulate messaging, and change security settings to prevent the genuine user from regaining access. Mitigating such attacks is vital to protect brand reputation and to prevent the threat actors from using your account for further threat distribution and fraud.
Check Point recommended that organizations:
- Set up alerts
- Educate employees
- Educate customers
- Maintain an incident response plan
Facebook, meanwhile, advised consumers not to click on links or open attachments from unknown sources, and to pay close attention to messages that contain urgent demands or ask for passwords, account details, or other personal information. “Scammers frequently use deceptive email addresses that closely resemble official support accounts, but they are not legitimate,” Facebook warned. “Emails about your Facebook account will always come from: fb.com, facebook.com, facebookmail.com, support.facebook.com.” I have reached out to Meta for a statement.
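The advice above boils down to a check anyone running a mail gateway, or just a cautious user, can automate: does a message that claims to come from Facebook actually originate from one of the four domains Facebook lists, and does it carry the urgency lure described in the article? The Python below is an added example written for this article, not code from Check Point, LevelBlue or Meta. The allowed-domain list is the one quoted from Facebook; the sample messages and the lure phrases are constructed for illustration, and the simple subdomain matching (which accepts `notification.facebookmail.com` but rejects look-alikes such as `facebook.com.example`) is an assumption about how such a check should behave, not a documented Facebook rule.

```python
from email import message_from_string
from email.utils import parseaddr

# The sender domains Facebook says its account emails will always come from (quoted in the article).
LEGITIMATE_FACEBOOK_DOMAINS = frozenset({
    "fb.com", "facebook.com", "facebookmail.com", "support.facebook.com",
})

# Lure wording to flag; constructed for this example from the copyright-notice theme
# described in the article (the first phrase matches Check Point's quoted lure text).
LURE_PHRASES = (
    "violation of copyright",
    "copyright infringement",
    "account will be disabled",
)


def sender_domain(header_value):
    """Return the bare, lower-cased domain from a header such as
    'Facebook Support <noreply@salesforce.com>'; '' if there is no address."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].strip().lower().rstrip(".")


def is_legitimate_facebook_domain(domain):
    """True only for an exact match or a real subdomain of a listed domain.
    'facebook.com.example' and 'facebook-support.com' are both rejected."""
    return any(domain == legit or domain.endswith("." + legit)
               for legit in LEGITIMATE_FACEBOOK_DOMAINS)


def claims_to_be_facebook(msg):
    """Does the display name or subject present the message as coming from Facebook?"""
    display_name, _ = parseaddr(msg.get("From", ""))
    return "facebook" in (display_name + " " + msg.get("Subject", "")).lower()


def assess_message(raw_message):
    """Parse an RFC 822 message (assumed single-part plain text) and return
    {'suspicious': bool, 'findings': [reasons]}."""
    msg = message_from_string(raw_message)
    findings = []

    # Brand impersonation: claims Facebook, but From/Return-Path are not Facebook domains.
    if claims_to_be_facebook(msg):
        for header in ("From", "Return-Path"):
            domain = sender_domain(msg.get(header, ""))
            if domain and not is_legitimate_facebook_domain(domain):
                findings.append(f"{header} domain '{domain}' is not a Facebook sender domain")

    # Urgency lure: the copyright-violation wording used by the campaign.
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    findings.extend(f"urgency lure: '{p}'" for p in LURE_PHRASES if p in text)

    return {"suspicious": bool(findings), "findings": findings}


# Constructed sample modelled on the article's description of the campaign.
SAMPLE_PHISH = """\
From: Facebook Support <noreply@salesforce.com>
Return-Path: <noreply@salesforce.com>
Subject: Copyright infringement notice

It has been reported that your recent activity might be in violation of copyright laws.
Review your account within 24 hours or it will be disabled.
"""

# Constructed sample of a message whose sender domains are on Facebook's list.
SAMPLE_LEGIT = """\
From: Facebook <security@facebookmail.com>
Return-Path: <bounce@notification.facebookmail.com>
Subject: Your login alert

Someone logged in to your account from a new device.
"""

if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        result = assess_message(sample)
        print(name, "suspicious" if result["suspicious"] else "clean")
        for finding in result["findings"]:
            print("  -", finding)
```

Note that a check like this is a complement to, not a replacement for, SPF/DKIM/DMARC enforcement at the gateway: the campaign described here relays through a legitimate Salesforce service, so the envelope will often authenticate correctly, and it is the mismatch between the claimed brand and the authenticated sending domain that gives it away.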
This article was originally published by www.forbes.com.