A new cybercriminal operation has used over 3000 fake Facebook profiles to bait users into falling prey to scammers. Based on reports, the latest phishing scam leverages thousands of Facebook profiles to harvest login credentials from unsuspecting victims.
Facebook remains one of the platforms scammers use most to execute social engineering tactics and information-stealing attacks. Facebook has about 3 billion monthly active users, making it one of the most targeted social media sites globally.
Fake Facebook profiles started to scam users earlier this year.
According to researchers, a massive phishing campaign began last February to use numerous fake Facebook profiles that impersonate Meta support staff.
The threat actors used about 3,200 profiles, either independently created or stolen accounts. Moreover, 1,200 fake profiles scammed users last March.
These actors generated the pages in more than 20 different languages. Most of the impersonating profiles, which spoofed Meta security staff, posted in English. The links in these fake profiles could redirect users to over 220 phishing websites that display Facebook or Meta's branding. Attackers commonly use them for session hijacking and phishing attacks.
Researchers revealed that the fake profiles are labelled "Restriction Account Business Information" and "Page Standard-Community Recovery", impersonating Facebook's technical support team.
The scammers generate several pages using these accounts and post about violations of Facebook norms. The actors usually tag their targeted users in the violation post and inform them that they have a violation. Subsequently, the attackers urge the target to verify their account to confirm the violation.
The primary targets of these attacks include public figures, businesses, sports personalities, and celebrities. The scammers will try to obtain access to their Facebook accounts and steal sensitive data.
These recent scam campaigns leveraging Meta and Facebook show how threat actors constantly devise new attacks to bait their targets and harvest login credentials and information. Users should be vigilant and knowledgeable regarding these attempts to prevent scammers from achieving their objectives.