Spam trends of the week: Cybercrooks phish for Facebook and Instagram business accounts, Bitdefender Antispam Lab warns

Alina BÎZGĂ

April 06, 2023

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Spam trends of the week: Cybercrooks phish for Facebook and Instagram business accounts, Bitdefender Antispam Lab warns

Beginning April 4, researchers at Bitdefender Antispam Lab spotted a new wave of phishing emails targeting Meta business account holders. The phony messages impersonating both Facebook and Instagram target North Americans and Europeans.

Your Facebook page will be removed unless…

One spam sample analyzed by our researchers appears to target a vegan cosmetics business in the US. The email notifies the business owner that their “Facebook page is at risk of being removed from our platform” due to violations of Meta’s community standards.

“We take these violations very seriously, and we must take action to ensure the safety and well-being of our users,” the fake email warns. “If we do not receive any action from you, we may remove your page from Facebook.”

To avoid account closure and removal by Facebook, the recipient is advised to “file a counter-notification” by clicking on the embedded “Confirm” button.

Here’s what happens next:

  1.   The user encounters a customized fake CAPTCHA-like validation as seen below:

2.    After clicking on the ‘I am human’ box and Continue button, the user is directed to a copycat version of Meta’s Business Help Center page asks users to visit another malicious link

3.    The above link directs the users to a fake webpage that also lists a phony Report number. The recipient is also asked to fill in personally identifiable information, including full name, business email address, personal email address, mobile number and Facebook Page Name.

4.    Once the user agrees to the Terms, Data and Cookie Policy and clicks the Submit button, recipients are asked to enter their account password and MFA security codes that will give the attackers everything they need to take over the account.

5.    After submitting all the information, a pop-up window advises the users to wait until their case is ‘reviewed,’ meaning the real account owner needs to wait until the attacker locks them out of their page.

Instagram users also targeted

Bitdefender Antispam Lab spotted a similar ruse targeting Instagram users with a similar fraudulent message.

One analyzed sample seemed to target the Instagram account of a reggae musician with over 80,000 followers.

How can you protect your social media accounts from account takeover

Phishing attempts that begin with threats to delete or ban social media accounts are highly successful tactics criminals use to infiltrate accounts to distribute malware, spread misinformation and defraud others.

That’s why no account takeover attack should be taken lightly. Not only do these accounts hold potentially sensitive information, but they also help the attacker conduct fraudulent attacks against followers, customers, friends and family with devastating impact on the online reputation and finances of victims.

To prevent social media account takeovers, both regular users and business account holders should:

  • Stick to proper digital hygiene by never reusing passwords across services and not oversharing information
  • Remain vigilant against all forms of unsolicited messages that ask you for sensitive information, passwords, and 2FA or MFA codes
  • Check accounts for notifications or alerts by using apps on your smart device before following any instructions you received via email or text
  • Closely inspect the sender's email address for any unfamiliar or suspicious domains
  • Take precautions and install a security solution to block malicious attacks and phishing links, and monitor all accounts for suspicious activity

Need extra help managing your digital footprint and social media platform?

Bitdefender’s Digital Identity Protection (DIP) helps you manage your data on social media platforms including Facebook, Instagram and Twitter, by creating a comprehensive mapping of your digital footprint and allowing you to immediately respond to security issues.

You get real-time data breach monitoring, alerts and a handy tool to help you detect potential social media impersonators who may harm your reputation.

tags


Author


Alina BÎZGĂ

Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.

View all posts

You might also like

Bookmarks


loader