Hackers and cybercriminals can never be accused of a lack of creativity, and a new credential theft campaign highlights the fact: It uses fake Facebook copyright notices to obtain user credentials.
In research published today, Avanan, a Check Point Software Technologies Ltd. company, details how attackers are using counterfeit Facebook copyright infringement notices to steal credentials. The attack starts with an email claiming that the victim’s account has been suspended because a photo uploaded to the account’s page violates Facebook’s copyright infringement policy.
The email tells potential victims that they have 24 hours to file an appeal or the account will be permanently suspended. The appeal link in the email does not lead to a page controlled by Meta Platforms Inc. but to a credential-harvesting page.
Although neither the sender address nor the link belongs to Facebook, the researchers note that the email is otherwise fairly believable, down to a link that references the victim’s actual Facebook page.
The question then becomes why people fall for such scams when the links plainly are not legitimate. According to the researchers, the best phishing emails play on urgency, in this case the threat of losing access to a Facebook account.
“Think about it: If your organization relies on its Facebook page for advertisement, awareness and other business activities, having it permanently suspended will be quite difficult to overcome,” the researchers explain. “Filing a quick appeal seems reasonable.”
The researchers do not quantify how successful the emails have been, but they infer from the continuing waves of messages that the campaign is working, since attackers keep sending a lure only while some recipients fall for it.
Users are always advised to hover over URLs before clicking to check that they point where they claim to, and to double-check the sender address, not just the display name, of any email. In the case of a claimed copyright strike from Facebook, users should log into their account directly to see its status instead of clicking on the URL in the email. Hovering over a link shows its destination, but a lookalike domain can still fool a reader, so a mail gateway or security team should apply the same checks automatically.
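As an added example, not code from Avanan or the original article, the following Python script automates the two checks described above: it parses an email, confirms whether the sender domain belongs to Facebook, and flags every link whose host is not a Facebook domain, including links whose visible text impersonates facebook.com while pointing elsewhere. The list of legitimate domains and the sample phishing message are assumptions constructed for the example; the stdlib `email` parser is used, so it runs offline.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains Facebook/Meta uses for account notices. This allowlist is an
# assumption for the example; confirm it against Meta's own documentation.
LEGIT_DOMAINS = ("facebook.com", "facebookmail.com", "fb.com", "meta.com")

# Constructed sample modelled on the lure the article describes (not a real capture).
SAMPLE_EML = b"""From: Facebook Support <support@facebook-copyright-center.example>
To: victim@example.com
Subject: Your page has been suspended for copyright infringement
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<p>A photo on your page <b>Example Bakery</b> violates our copyright policy.</p>
<p>You have 24 hours to appeal, otherwise the suspension becomes permanent.</p>
<p><a href="https://appeal-center.example/fb/login">https://www.facebook.com/help/appeal</a></p>
"""


def host_matches(host: str, domains=LEGIT_DOMAINS) -> bool:
    """True if host is one of the domains or a subdomain of one.

    A suffix check without the leading dot would accept
    'notfacebook.com', so the dot is required.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze_message(raw: bytes) -> dict:
    """Return the sender domain, the links found and a list of findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # Check 1: the sender's real domain, not the friendly display name.
    from_hdr = msg["From"]
    sender_domain = from_hdr.addresses[0].domain if from_hdr and from_hdr.addresses else ""
    if not host_matches(sender_domain):
        findings.append(f"sender domain is not Facebook: {sender_domain}")

    # Check 2: where each link actually goes (what hovering would reveal).
    links = []
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is not None:
        content = body.get_content()
        if body.get_content_type() == "text/html":
            parser = LinkExtractor()
            parser.feed(content)
            links = parser.links
        else:
            links = [(u, u) for u in re.findall(r"https?://\S+", content)]
    for href, text in links:
        host = urlparse(href).hostname or ""
        if not host_matches(host):
            findings.append(f"link to non-Facebook host: {host}")
            if any(d in text.lower() for d in LEGIT_DOMAINS):
                findings.append(f"link text '{text}' hides real target {host}")

    return {
        "sender_domain": sender_domain,
        "links": links,
        "findings": findings,
        "suspicious": bool(findings),
    }


if __name__ == "__main__":
    for line in analyze_message(SAMPLE_EML)["findings"]:
        print(line)
```

The domain check is deliberately strict: a host only passes if it equals an allowlisted domain or sits beneath it, so `facebook.com.appeal-center.example` is rejected. The script does not verify SPF, DKIM or DMARC results, which a mail gateway would add on top of this, and an allowlist cannot by itself detect a compromised legitimate account.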
Facebook is a popular target for hackers. A campaign dubbed “Meta-Phish” targeted users with a different copyright message in December.