A new phishing scam has been uncovered by a global cybersecurity company, specifically targeting businesses that promote their pages on Facebook. According to a recent report from Kaspersky, scammers are sending fraudulent emails that appear to come from Meta for Business, Facebook's platform for businesses. These emails falsely claim that the recipient’s page contains prohibited content and ask the recipient to explain why their page should not be blocked.
How the Scam Works
The scam begins with an email that looks very official and is designed to make business owners panic. The email suggests that Facebook has found prohibited content on the user’s page, and to avoid being blocked, the recipient needs to provide an explanation. The aim of these scammers is to gain access to the business account.
When businesses receive these emails, they often feel the need to respond quickly to protect their online presence. However, the email is a trick. The goal is to steal the business’s login credentials and access their accounts.
What to Look For
Here’s how you can spot this scam:
- The Email’s “From” Field:
The domain of the email address doesn’t belong to Facebook, which is the first sign that something is wrong. If you carefully check the sender’s email address, you will see that it doesn’t come from the official Facebook domain.
- Redirect to Facebook Messenger:
The email contains a link that directs users to Facebook Messenger. Here, a fake account posing as Facebook support will message the user. This is a key part of the scam. The fake account may look like Facebook's official support team, tricking users into believing it’s safe.
- Urgency and Panic:
The scam relies on the feeling of urgency. Businesses receiving the email may be in a panic about their page being blocked. The scammers use this stress to make it easier for them to trick the victim into clicking the link or providing sensitive information.
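The three signs above can be checked mechanically when triaging a reported message. The following Python is an added example, not code from Kaspersky's report; the trusted sender domain list, the keyword patterns and the sample message are assumptions constructed for illustration, and transfer-encoded (base64 or quoted-printable) bodies are not decoded.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: allow-list of sender domains; confirm against Meta's own guidance.
TRUSTED_SENDER_DOMAINS = {"facebookmail.com", "facebook.com", "fb.com", "meta.com"}
# Hosts that open a Messenger conversation (m.me is Messenger's short-link host).
MESSENGER_HOSTS = {"m.me", "messenger.com", "www.messenger.com"}
BRAND_RE = re.compile(r"\b(meta|facebook)\b", re.I)
URGENCY_RE = re.compile(r"\b(prohibited content|blocked|disabled|within \d+ hours|immediately)\b", re.I)
URL_RE = re.compile(r"https?://([^/\s\"'<>]+)", re.I)

def is_trusted(domain):
    """True if domain equals a trusted domain or is a subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_SENDER_DOMAINS)

def triage(raw_email):
    """Return the list of warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    # Collect every text/plain part (a single-part message yields itself).
    body = "\n".join(p.get_payload() for p in msg.walk() if p.get_content_type() == "text/plain")
    text = f"{msg.get('Subject', '')}\n{body}"
    findings = []
    # Sign 1: claims to be Meta/Facebook but the sender domain is not theirs.
    if BRAND_RE.search(display + " " + text) and not is_trusted(domain):
        findings.append(f"brand-impersonation: sender domain {domain!r}")
    # Sign 2: a link hands the conversation off to Messenger.
    hosts = {h.lower().split(":")[0] for h in URL_RE.findall(text)}
    if hosts & MESSENGER_HOSTS:
        findings.append("messenger-redirect")
    # Sign 3: wording that pressures the recipient to act quickly.
    if URGENCY_RE.search(text):
        findings.append("urgency-language")
    return findings

# Constructed sample message (not taken from the report).
SAMPLE = """From: Meta for Business <notice@policy-review.example>
Subject: Your page contains prohibited content

Your page will be blocked. Explain why it should not be: https://m.me/0000000000
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A Messenger link on its own is not proof of fraud, so treat the findings as reasons to verify the account status directly on the Facebook site rather than as a verdict.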
The Sophistication of the Scam
What makes this scam particularly dangerous is how sophisticated it is. Unlike previous phishing attempts that simply accused users of copyright violations, this scam mimics the Facebook platform’s internal communication. By using Messenger and posing as the Facebook support team, the scammers create a false sense of trust. This technique makes it harder for people to realize they’re being scammed.
Steps to Protect Your Business
If you receive one of these emails, here are some steps you should take immediately to protect your business:
- Don’t Click on Any Links:
Avoid clicking on any links in the email or responding to the message. Instead, go directly to the official Facebook website or open the Facebook app to check your account status.
- Report the Incident:
Report the phishing attempt to the Facebook support team. They can help investigate and protect your account.
- Change Your Passwords:
If you suspect that your account information has been compromised, change your passwords immediately. Use a strong and unique password for each account.
- Enable Two-Factor Authentication:
Adding an extra layer of security by enabling two-factor authentication (2FA) can make it harder for scammers to gain access to your account even if they have your password.
Statistics on the Scam
Here’s a table summarizing the key findings about this phishing scam:
Aspect | Details |
---|---|
Start Date | December 14 |
Target Audience | Businesses using Facebook for marketing |
Email Domain | Not from Facebook's official domain |
Main Goal | Stealing business account login information |
Link Destination | Facebook Messenger (fake support team) |
Urgency | Email creates panic to trick users into responding |
Summary
This new phishing scam is a serious threat to businesses promoting their pages on Facebook. The scammers’ use of Facebook Messenger and impersonation of the Facebook support team makes this scheme especially tricky. However, by being cautious and following the steps outlined above, businesses can protect themselves from falling victim to these attacks.
Always remember, if something feels suspicious or urgent, take a moment to carefully check the details before responding. By staying vigilant, businesses can prevent their accounts from being compromised and keep their digital presence safe.