Digital crime is becoming more inventive every day, as cybercriminals constantly devise new methods of attack.

Kaspersky discovered a new phishing scam targeting business accounts on Facebook, using legitimate Facebook services to send deceptive emails threatening account suspension.

According to the Hellenic IT & Communications Business Association (SEPE), cybercriminals have devised a method to use Facebook’s authentic features to send false shutdown warnings to business accounts. These emails, which come from Facebook, contain warning messages such as “24 hours left to submit a review request. See why.”

Fraudsters target business Facebook accounts using Meta’s infrastructure and branding

By clicking on the email, the recipient is taken to a genuine Facebook page with a corresponding warning. After that, the user is redirected to a phishing page camouflaged with Meta branding, which reduces the time to resolve the problem from 24 to 12 hours.

The phishing site first asks for harmless information, then requests the account email or telephone number and the password.
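As an added example (not from Kaspersky or SEPE), the following Python code shows why checking only the first link is not enough in this flow: it judges a redirect chain by the host where credentials would be entered. The trusted-domain list, function names and sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains this organisation accepts for Facebook/Meta sign-in.
TRUSTED_DOMAINS = {"facebook.com", "meta.com"}


def host_is_trusted(url: str) -> bool:
    """True only for https URLs whose host is a trusted domain or a subdomain of one."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and port, so "facebook.com@other.example"
    # is evaluated as "other.example".
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https" or not host:
        return False
    # Exact match or dot-delimited suffix; a substring test would accept
    # "www.facebook.com.review-case.example".
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def assess_chain(chain: list[str]) -> dict:
    """Judge a redirect chain by where it ends, not by where it starts."""
    if not chain:
        raise ValueError("empty redirect chain")
    first_ok = host_is_trusted(chain[0])
    final_ok = host_is_trusted(chain[-1])
    return {
        "first_hop_trusted": first_ok,
        "final_hop_trusted": final_ok,
        # Pattern described above: genuine first page, foreign credential page.
        "trusted_start_untrusted_end": first_ok and not final_ok,
        "final_host": urlsplit(chain[-1]).hostname,
    }


# Constructed sample chains; hosts under .example are placeholders, not real indicators.
SAMPLE_CHAINS = {
    "genuine": ["https://www.facebook.com/posts/1",
                "https://business.facebook.com/settings"],
    "phish": ["https://www.facebook.com/posts/1",
              "https://www.facebook.com.review-case.example/appeal"],
}

if __name__ == "__main__":
    for name, chain in SAMPLE_CHAINS.items():
        print(name, assess_chain(chain))
```
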

Misleading notifications

The perpetrators use hacked Facebook accounts to send these notifications. They change the account name to a threatening message and the profile picture to an exclamation point, then create posts mentioning the targeted business accounts. And because delivery is done through Facebook’s actual infrastructure, these notifications are sure to reach their intended recipients.

“Even notifications that look legitimate and come from a trusted source like Facebook can be misleading. It is vital that you carefully consider the links that you are prompted to follow, especially when it comes to data entry or payments. This can make a significant difference in protecting your business accounts from phishing attacks,” says Kaspersky.

About protection

Regarding the new fraud, which concerns Facebook, experts recommend:

– Avoid opening links received in suspicious emails. If you need to sign in to your account at the organization named in the email, type the address yourself or use a bookmark.

– To protect your company from a wide range of threats, use solutions that provide real-time protection, threat visibility, EDR and XDR investigation and remediation capabilities for organizations of all sizes and industries.

– Invest in cybersecurity training programs for your staff to keep them up to date with the latest knowledge.