This recent phishing campaign tricks victims by using Facebook posts in its chain of attacks. The emails that were sent to the targets made it appear as though one of the recipientsā Facebook posts violated copyright, and they threatened to remove their accounts if no appeal was made within 48 hours.
āThe content of this Facebook post appears legitimate because it uses a dummy āPage Supportā profile with the Facebook logo as its display picture. At first glance, the page looks legitimate, but the link provided in this post leads to an external domainā, according to Trustwave.
Here the Facebook post pretends to be āPage Support,ā using a Facebook logo to appear as if the company manages it.
The main phishing URL, hxxps:/meta[.]forbusinessuser[.]xyz/main[.]php, which resembles Facebookās copyright appeal page, is reached by clicking the link in the post.
Particularly, any data that victims enter into the form after hitting the send button, along with the victimās client IP and geolocation data will be forwarded to hackers.
Also, threat actors may gather more data to get through fingerprinting protections or security questions while gaining access to the victimās Facebook account.
The victim is then redirected to the next phishing website, where a false 6-digit one-time password (OTP) request with a timer is displayed.
Any code entered by the victim will fail, and if the āNeed another way to authenticate?ā button is pressed, the site will redirect to the real Facebook site.
According to Trustwave, multiple Facebook profiles have fake messages that look to be support pages and direct users to phishing websites.
Therefore, these fake Facebook āViolationā notifications use real Facebook pages to redirect to external phishing sites. Users are urged to take extreme caution when receiving false violation alerts and to not fall for the initial linksā seeming legitimacy.
The Totally Awesome Phish Trivia Book: Uncover The History & Facts Every Phish Head Should Know!
InfoSecBooks | Tools | Services