- Hackers Fake Facebook Alerts Using Real Domain facebookmail.com to Deceive Business Suite Users
- More than 40,000 emails sent; one company received over 4,000, mostly template-based wide-net campaigns
- Defense requires MFA, password managers, staff training, and close account monitoring
Experts have warned that cybercriminals are targeting Facebook Business Suite users with very convincing phishing emails, tricking them into handing over their login credentials and other valuable information.
The social media giant's business platform lacks adequate identity safeguards, so attackers can impersonate Facebook itself and abuse the trust users place in the platform, experts at Check Point Research (CPR) have found.
Facebook Business Suite is a centralized platform that allows businesses to manage their Facebook, Instagram, and Messenger accounts in one place. It is mainly used by small and medium-sized businesses (SMBs), social media managers and marketers.
When a malicious actor creates a new Facebook business page, they can simply give it a name and upload a logo that mimics Facebook's official branding, then use it to send phishing emails that appear to be official Facebook alerts.
“The most important thing is that these messages are sent from the legitimate domain facebookmail.com,” the researchers explained. “Most users are trained to distrust strange-looking sender addresses, but in this case, the emails come from a domain they know and trust. As a result, the phishing messages are much more convincing.”
The notifications sent by attackers generally revolve around topics likely to interest small and mid-sized businesses: account verification, Meta partner programs, or free advertising credit programs.
So far, the attackers have sent more than 40,000 phishing emails to Check Point's customer base (approximately 5,000 entities). Since that is only one vendor's telemetry, the true scale of the operation is likely much larger.
Among CPR customers, most received fewer than 300 emails, but one company was inundated with more than 4,000. Most of the messages are template-based, indicating that the goal was not to compromise specific organizations but to cast a wide net and see who gets caught.
The victims are mainly in the United States, Europe, Canada and Australia.
What can be done?
There are several things businesses can do to defend against these attacks.
First, use a password manager and enable multi-factor authentication (MFA) on every account: a password manager will not auto-fill credentials on a lookalike login page, and MFA limits what a stolen password is worth. Next, verify the authenticity of the sender. Because these emails really do come from facebookmail.com, the From address alone proves nothing; check which Page actually triggered the notification and where its links lead, rather than trusting the branding. Educate employees and social media managers about the risk of social engineering on the platform.
Finally, monitor accounts for suspicious activity and report all phishing attempts to Facebook.
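One practical form of the "verify the sender" advice above, written as an added example for this article (it is not code from Check Point Research, TechRadar or Meta). Because the From domain is genuinely facebookmail.com, a sender-domain or SPF/DKIM check passes and tells you nothing, so the triage below looks at what remains observable: where the links in the body actually lead, and whether the text carries one of the lure themes the article lists (account verification, partner programs, advertising credits). The list of first-party domains, the keyword patterns and the two sample messages are assumptions constructed for illustration, not real notification emails.

```python
"""Triage of Facebook notification emails whose From domain is genuine.

Added example for this article; not code from Check Point Research or Meta.
Because the messages really do arrive from facebookmail.com, a sender-domain
check passes, so the signals here come from the body: off-platform links and
the lure themes the article names (verification, partner programs, ad credits).

Assumptions (not from the article): the first-party domain list, the lure
keyword patterns, and the two sample messages, which are constructed.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains a genuine Facebook notification would be expected to link to (assumption).
PLATFORM_DOMAINS = {"facebook.com", "fb.com", "fb.me", "meta.com", "instagram.com"}

# Lure themes named in the article; the exact wording matched is an assumption.
LURE_THEMES = re.compile(r"verif(y|ication)|partner program|ad(vertising)? credit", re.I)

URL_RE = re.compile(r"https?://[^\s<>\"')]+")


def is_platform_domain(host: str) -> bool:
    """True if host is one of the first-party domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in PLATFORM_DOMAINS)


def triage(raw: bytes) -> dict:
    """Extract signals from one raw RFC 5322 message and return them with a verdict.

    verdict is "suspicious" when any link leads off the platform, "review" when
    the text matches a lure theme but every link stays on-platform, else "ok".
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    _, addr = parseaddr(msg.get("From", ""))
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    links = URL_RE.findall(body)
    off_platform = [u for u in links if not is_platform_domain(urlparse(u).hostname or "")]
    lure = bool(LURE_THEMES.search(msg.get("Subject", "") + "\n" + body))

    if off_platform:
        verdict = "suspicious"
    elif lure:
        verdict = "review"
    else:
        verdict = "ok"
    return {
        "sender_domain_is_facebookmail": addr.lower().endswith("@facebookmail.com"),
        "lure_theme": lure,
        "links": links,
        "off_platform_links": off_platform,
        "verdict": verdict,
    }


# Constructed sample messages (assumption: real notifications are laid out differently).
GENUINE = b"""From: Facebook <notification@facebookmail.com>
To: ops@example.com
Subject: Your Page has a new message

Someone sent a message to your Page.
Reply at https://www.facebook.com/messages/
"""

LURE = b"""From: Facebook <notification@facebookmail.com>
To: ops@example.com
Subject: Action required: verify your business account

Your business account must complete verification within 24 hours to keep
your advertising credit and Meta Partner Program benefits.
Verify now: https://business-verify-center.example/login?acct=1234
"""


if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("lure", LURE)):
        print(name, triage(raw))
```

The "review" bucket exists because a lure can stay on-platform (for example by pointing at an attacker-controlled Page), in which case the only remaining check is a human one: open Business Suite directly and confirm which Page generated the notification, never following the link in the email.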