- Hackers fake Facebook alerts using real facebookmail.com domain to phish Business Suite users
- Over 40,000 emails sent; one company received more than 4,000—mostly template-based broadnet campaigns
- Defense requires MFA, password administrators, staff training, and vigilant account monitoring
Cybercriminals are targeting Facebook Business Suite users with highly convincing phishing emails, tricking them into handing over login credentials and other valuable information, experts have warned.
The social network’s business platform lacks adequate identity guarantees, allowing hackers to impersonate Facebook itself and abuse the trust users have in the platform, experts from Check Point Research (CPR) found.
Facebook Business Suite is a centralized platform that allows businesses to manage their Facebook, Instagram and Messenger accounts in one place. It is mostly used by small and medium-sized businesses (SMBs), social media administrators, and marketers.
What can be done?
However, when a malicious actor creates a new Facebook Business Page, they can simply create a name and upload a logo that mimics official Facebook branding and send phishing emails that appear as official Facebook warnings.
“It is crucial that these messages are sent from the legitimate facebookmail.com domain,” the researchers explained, “most users are trained to distrust strange-looking sender addresses, but in this case, the emails come from a domain they know and trust. As a result, the phishing messages are far more convincing.”
The notifications that the attackers send out usually revolve around topics that may be of interest to SMBs and mid-sized businesses – account verifications, Meta Partner programs or free advertising credit programs.
So far, the attackers have sent more than 40,000 phishing emails to Check Point’s customer base (around 5,000 devices), meaning the actual scope of the operation is likely much larger.
Among CPR’s customers, most received fewer than 300 e-mails, but one company was inundated with more than 4,000 messages. Most of the messages are templates, meaning the goal was not to compromise specific organizations, but rather to cast a wide net and see who gets caught.
The victims are primarily located in the United States, Europe, Canada and Australia.
There are a number of things that can be done to defend against these sophisticated phishing attacks.
Primarily, users should use a centralized password manager and enable multi-factor authentication (MFA) on all accounts. After that, they should make sure to carefully verify the authenticity of the sender and educate their employees and social media managers about the risk of social engineering on the platform.
Finally, they should monitor their accounts for suspicious activity and report any phishing attempts to Facebook.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
