Specialists have warned of an ongoing cybercriminal campaign leveraging thousands of fake Facebook accounts and phishing pages in an attempt to obtain login information for financial service platform accounts belonging to public figures, celebrities, businesses, and sports teams.
Cybersecurity researchers from Group-IB’s Digital Risk Protection (DRP) team claim to have identified more than 3,200 fake Facebook accounts, some of which are impersonating Facebook and its parent company, Meta.
Through these accounts, the attackers would target legitimate users of the social platform to try to get them to visit fraudulent Facebook login pages.
There, they’d get them to enter their login credentials, effectively granting the attackers access to their accounts. The premise is that many people use the same username/password combination across all kinds of accounts and that their Facebook login credentials might work on more serious platforms, such as financial services.
While the campaign is active in more than 20 languages, Group-IB experts say, the majority of the profiles impersonating Meta are English-speaking.
“The scammers impersonate Meta, Facebook’s parent company, in their public posts and on any of their more than 220 phishing sites,” Group-IB researchers Sharef Hlal and Karam Chatra wrote.
“They appropriate Meta and Facebook’s official logos on their social media profiles and phishing web pages to make them appear legitimate and trustworthy in the eyes of users. These fake profiles don’t have anything to do with Facebook, and they’re often taken down quickly by the social network.”
Phishing, particularly when paired with identity theft, is a major threat to the online security of both consumers and businesses. It’s vital that IT teams educate their employees on how to spot fake accounts and fake login pages. The best way to spot a phishing page is in the address bar: if the address isn’t facebook.com, it’s most definitely a scam.
Via: Infosecurity Magazine