Sinister Facebook Phishing Scam Directs Victims To Real FB Posts To Appear Legit

No place on the internet is safe from scams. Social media sites, including Facebook, are especially irresistible targets to those with nasty intentions. Many of us have become quite familiar with signs of a phishing scam, but bad actors have gotten more creative. A recent Facebook phishing scam directed victims to a real Facebook post before stealing their information.

The attack begins with a phishing email claiming that the victim has been reported by multiple users for publishing content that violates Facebook’s policies. The attackers insist that the victim’s account will be disabled and their page removed unless they act immediately. The email contains a link that the victim must click to resolve the issue.

The victim is then redirected to a Facebook post that informs them that they have 48 hours to respond. This stage of the attack is particularly insidious. According to Abnormal Security, “Because the threat actors use a valid Facebook URL in the email, it makes the landing page especially convincing and minimizes the chance the target will second-guess the legitimacy of the initial email.”

This convincing Facebook post redirects victims to a phishing site that masquerades as an appeal form. The victim is instructed to enter personal information, including their name and email address. A pop-up then appears that demands the victim also share their Facebook password. The attackers have enough information at this point to take over the victim’s account and browse for a variety of personal information.

The phishing attack especially targets those who run business pages on Facebook. These individuals are more likely than those with personal accounts to act quickly. It was noted, “a disabled Facebook account wouldn’t just be an inconvenience; it could have an impact on their marketing, branding, and revenue.”

There is one main tip-off for those who are on the lookout. The sender email was from “service[@]post.xero.com,” while the reply-to was “qerasnumber1[@]gmail[.]com.” Neither of these is a legitimate Facebook email address.
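The header mismatch described above can be checked automatically. The following is an added example, not code from the article or from Abnormal Security: it parses a constructed message modelled on the scam (using the de-fanged addresses quoted above) and flags the tip-offs, namely a Reply-To domain that differs from the sending domain, a message that invokes Facebook without being sent from a Facebook domain, and a free-webmail Reply-To. The list of legitimate Facebook sending domains is an assumption for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from typing import List

# Constructed sample message modelled on the scam described in the article;
# the two addresses are the ones the article quotes, with brackets removed.
SAMPLE_EMAIL = """\
From: Facebook Support <service@post.xero.com>
Reply-To: qerasnumber1@gmail.com
Subject: Your page has been reported for policy violations
Content-Type: text/plain

Your account will be disabled in 48 hours unless you appeal now.
"""

# Assumed list of domains the brand legitimately sends from (illustrative).
BRAND_DOMAINS = {"facebook": {"facebook.com", "facebookmail.com"}}

# Free webmail providers a platform would not use for appeal replies.
FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}


def _domain(header_value: str) -> str:
    """Return the lowercased domain of an RFC 5322 address, or '' if absent."""
    _, address = parseaddr(header_value or "")
    return address.rpartition("@")[2].lower()


def phishing_indicators(raw: str, brand: str = "facebook") -> List[str]:
    """Apply the article's header tip-offs to one message; return the hits."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom = _domain(msg.get("From", ""))
    reply_dom = _domain(msg.get("Reply-To", ""))
    hits = []
    # Tip-off 1: replies go somewhere other than the domain that sent the mail.
    if reply_dom and reply_dom != from_dom:
        hits.append(f"reply-to domain {reply_dom} differs from sender {from_dom}")
    # Tip-off 2: the mail invokes the brand but was not sent from its domains.
    mentions_brand = brand in (msg.get("Subject", "") + msg.get("From", "")).lower()
    if mentions_brand and from_dom not in BRAND_DOMAINS[brand]:
        hits.append(f"claims to be {brand} but sender domain is {from_dom}")
    # Tip-off 3: a free webmail Reply-To is not how a platform handles appeals.
    if reply_dom in FREE_WEBMAIL:
        hits.append(f"reply-to uses free webmail {reply_dom}")
    return hits
```

Run against the sample, all three indicators fire; a message sent from one of the assumed legitimate domains with no Reply-To yields an empty list.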

Facebook scams are common, but Facebook is interestingly not the most spoofed site. A recent report noted that LinkedIn phishing attacks jumped from 8% at the end of 2021 to 52% at the beginning of 2022. This increase is likely due to the “Great Resignation” and the number of people currently looking for better positions.