HQ/EMEAFind out how we can help your business
Scammers use fake Facebook copyright alerts to execute a new phishing campaign.
Based on reports, the world’s most popular social networking site has been the victim of a new phishing attempt targeting over 12,000 email addresses from numerous organisations.
This malicious activity started around December last year and primarily targets European, the United States, and Australian firms. However, several cases have been reported in the Middle East and Chinese servers, indicating that the campaign is becoming a global threat.
Moreover, the scammers reportedly use Salesforce’s automated mailing tool to distribute these fraudulent emails without modifying the sender ID. This tactic makes the emails appear to originate from a legitimate email address, which provides credibility to their operation.
The fake Facebook copyright alerts cause users with violations.
According to investigations, the fake Facebook copyright alerts use bogus Facebook logos and accuse email recipients of copyright violation.
One of the sample screenshots from the investigation shows that the attackers claim the issue was the unauthorised usage of Universal Music Group’s copyrighted music. In addition, the campaign will threaten the phishing email recipients with account restrictions, such as limits on publishing, live streaming, or advertising, unless they fight the claim within a short time.
This tactic will continue with a bogus Facebook help website through a URL attached to the email. This page then prompts unwary users to submit their login information, which could eventually allow the scammers to extract sensitive information by fraudulently suggesting that these details are required for an account review rather than disabling.
Furthermore, the phishing operation will falsely state that the user is “not allowed to use Meta Products to advertise” due to noncompliance with Advertising Standards. The page includes phoney choices to “Request a review” and “Unlock advanced features,” which lure victims to provide their credentials.
This new activity exposes Facebook-dependent businesses globally by allowing scammers to control their admin accounts, alter content, manipulate communications, delete postings, and change security settings.
This issue can have severe implications, such as damaged reputation, customer distrust, and possible legal action. Lastly, these breaches can lead to noncompliance, fines, and legal difficulties for organisations in regulated industries such as healthcare and finance.
