A newly discovered phishing campaign that uses fake Facebook copyright notices to trick users into divulging account details has been discovered.
According to analysts from the cybersecurity company Trustwave, these fake messages claim that the user’s account will be deleted within 48 hours unless they complete an appeal form to protect themselves.
This revocation form then collects the user’s key personal information, which can put the unwitting recipient at a much greater risk of problems such as identity theft.
How exactly does it work?
The phishing attack is delivered via email to the recipient’s inbox, which contains a link to a real Facebook post.
The user is then redirected to a fake custom Meta brand customer service website.
This site collects the user’s real name, phone number, and address, which, combined with their IP address and location, are supposedly stored by a hacker and sent to a Telegram account using HTTPS.
Users are then reportedly directed to another fake site where they are subjected to a one-time password check that inevitably fails.
Then, if you choose to click on the pop-up that says “Need another way to authenticate?”, they will be redirected back to the real Facebook page.
Trustwave advises users to exercise caution if they receive copyright infringement notices purporting to come from Facebook.
Facebook remains an extremely popular attack vector for potential cybercriminals.
In October, cybersecurity researchers uncovered a campaign known as “ducktail.”
Targeting companies running Facebook ad campaigns, the ‘ducktail’ installs malware on the victim’s machine, which then intercepts valuable information such as crypto wallet addresses.
- Want to be safe online? Check out our guide to the best privacy tools (opens in a new tab)