Security News > 2022 > December > Phishing attack uses Facebook posts to evade email security
A new phishing campaign uses Facebook posts as part of its attack chain to trick users into giving away their account credentials and personally identifiable information.
The link to appeal the account deletion is an actual Facebook post on facebook.com, helping threat actors bypass email security solutions and ensure their phishing messages land in the target's inbox.
The Facebook post pretends to be "Page Support," using a Facebook logo to appear as if the company manages it.
The phishing sites are crafted with care to make them appear like Facebook's actual copyright appeal page, containing a form where victims are requested to enter their full name, email address, phone number, and Facebook username.
Trustwave reports it has found numerous Facebook accounts using phony posts made to appear as support pages that lead victims to phishing websites.
Victims may land on these posts via phishing emails, like in the campaign presented in this report, or via instant messages received on Facebook.
News URL
Related news
- Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (source)
- Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (source)
- Google now blocks spoofed emails for better phishing protection (source)
- Security Vulnerability of HTML Emails (source)
- TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (source)
- FBI warns of massive wave of road toll SMS phishing attacks (source)
- FIN7 targets American automaker’s IT staff in phishing attacks (source)
- AI set to play key role in future phishing attacks (source)
- LA County Health Services: Patients' data exposed in phishing attack (source)
- LA County Health Services: Patients' data exposed in phishing attack (source)