In a phishing campaign that primarily targets organisation accounts, users receive fictitious copyright infringement notices threatening to shut down their pages unless they take immediate action.
“Your account has been suspended. This is because your account, or activity on it, doesn’t follow our Community Standards,” read one such message shared by Avanan.
The fake notice went on to say that a photo uploaded to the account’s page violated Facebook’s copyright infringement policy and that the decision could be appealed within 24 hours.
“If you miss the deadline, your account will be permanently disabled,” the message warned, instructing the recipient to follow a link to file an appeal.
While the link looked legitimate, hovering over it made it clear it did not lead to a Facebook-related page, Avanan said. Instead, it led to a credential-harvesting website.
Researchers also noted that the sender’s address was visibly fake but said the spoofed email was otherwise “fairly believable.” Like all effective phishing schemes, it plays on urgency and even mentions the targeted page by name.
According to Avanan, businesses that depend on their Facebook page for marketing, awareness-raising, and other business activities may be especially at risk.
“Filing a quick appeal seems reasonable. That’s where the hackers try to get you,” it said, adding that “waves” of these emails indicate the scam was working.
“When we see a number of similar attacks spoofing the same brand, we know that the hackers are getting people to bite,” researchers noted.
Security professionals advise users to hover over every link before clicking it and to double-check sender addresses to avoid being duped. Rather than clicking the link in the email, it is advisable to log into the Facebook account directly to check its status.
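The two manual checks above (where the link really points, and whether the sender domain is genuine) can also be applied automatically to an incoming message. This is an added example, not code from the article or from Avanan; the sample email, the `TRUSTED_DOMAINS` list and the function names are constructed assumptions.

```python
import email
import email.utils
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the notice described in the article (not a real message).
SAMPLE_EMAIL = """\
From: Facebook Support <support@facebook-appeals-center.example>
To: pageowner@example.com
Subject: Your account has been suspended
Content-Type: text/html; charset=utf-8

<p>Your account has been suspended. You can appeal within 24 hours:</p>
<p><a href="https://appeal-form.example/login">https://www.facebook.com/help/appeal</a></p>
"""

TRUSTED_DOMAINS = {"facebook.com", "facebookmail.com"}  # assumed allow-list


def is_trusted(host):
    """True only if host equals a trusted domain or is a subdomain of one."""
    if not host:
        return False
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse(raw):
    """Return a list of findings: untrusted sender, untrusted link, or disguised link."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender_host = email.utils.parseaddr(str(msg["From"]))[1].rpartition("@")[2]
    if not is_trusted(sender_host):
        findings.append(f"sender domain not trusted: {sender_host}")
    parser = LinkCollector()
    parser.feed(msg.get_body(preferencelist=("html",)).get_content())
    for href, text in parser.links:
        href_host = urlparse(href).hostname
        text_host = urlparse(text).hostname if "://" in text else None
        if not is_trusted(href_host):
            findings.append(f"link destination not trusted: {href_host}")
        if text_host and text_host != href_host:  # shown URL differs from real target
            findings.append(f"link text {text_host} hides destination {href_host}")
    return findings
```

Running `analyse(SAMPLE_EMAIL)` flags the spoofed sender and the link whose visible text is a facebook.com URL but whose real destination is elsewhere.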