HQ/EMEAFind out how we can help your business
In our latest investigation at iZOOlogic, our Threat Hunting Team uncovered a sophisticated phishing campaign targeting Facebook pages. This attack specifically targets pages with active ad campaigns and employs deceptive tactics to steal sensitive user information.
The Attack Unveiled
The phishing campaign begins with scammers impersonating Meta’s Help Center. The scammers send direct messages to Facebook page admins, falsely claiming that their page has violated community guidelines and that their access has been restricted. This message includes a malicious link directing victims to a phishing site designed to capture sensitive information.
How the Phishing Works
- Malicious Link: Victims are directed to a phishing page via a link: https://1f2b50e3-3179-438d-ac8f-ac0f5ad0f6ba-00-3cp2e03wpz7yu.pike.replit.dev
- Data Requested: The phishing page prompts users to enter their browser cookies (c_user, xs) and Facebook account password. These cookies are critical for user authentication and can be used by attackers to hijack Facebook accounts and gain unauthorised access to associated pages and ad campaigns.
- Redirect: After submitting their information, victims are redirected to the legitimate Meta Business Help Center page, creating a false sense of security and making the phishing attempt harder to detect.
Indicators of Compromise (IOC)
- Phishing URL: https://1f2b50e3-3179-438d-ac8f-ac0f5ad0f6ba-00-3cp2e03wpz7yu.pike.replit.dev
- IP Address: 34.93.221.142 (linked to the free hosting service replit.dev)
Why This Matters
The stolen cookies and credentials can be used by attackers to impersonate users, take over Facebook accounts, and potentially disrupt or exploit ad campaigns. This kind of breach not only threatens account security but can also damage the reputation and operations of businesses.
Protecting yourself from phishing attacks involves staying cautious of unsolicited messages about account issues and avoiding links from unfamiliar sources. If you receive suspicious messages or suspect phishing, contact Facebook support immediately.
At iZOOlogic, we are committed to monitoring and addressing such threats to safeguard your digital presence. Remain vigilant and proactive to protect yourself and your business. For additional assistance or information, please contact our security team.
