Phishing attack uses Facebook posts to evade email security (December 2022)

A new phishing campaign uses Facebook posts as part of its attack chain to trick users into giving away their account credentials and personally identifiable information.
The link to appeal the account deletion is an actual Facebook post on facebook.com, helping threat actors bypass email security solutions and ensure their phishing messages land in the target's inbox.
The Facebook post pretends to be "Page Support," using a Facebook logo to appear as if the company manages it.
The phishing sites are crafted with care to make them appear like Facebook's actual copyright appeal page, containing a form where victims are requested to enter their full name, email address, phone number, and Facebook username.
Trustwave reports it has found numerous Facebook accounts using phony posts made to appear as support pages that lead victims to phishing websites.
Victims may land on these posts via phishing emails, like in the campaign presented in this report, or via instant messages received on Facebook.