This devious phishing campaign uses Facebook messages to trick its victims
Campaign uses alleged copyright violations to dupe Facebook users
A newly-discovered phishing campaign has been found using fake copyright infringement notices from Facebook to dupe users into giving away their account details.
According to analysts from cybersecurity firm Trustwave, these fake messages claim that the user will have their account deleted in 48 hours unless they fill out an appeal form to protect themselves.
This appeal form then collects key personal data about the user, which can put the unwitting recipient at far greater risk of issues like ID theft.
How exactly does it work?
The phishing attack is delivered via an email to the recipient's inbox, which contains a link to a real Facebook post.
The user is then redirected to a fake, custom-built Meta-branded customer support site.
This site collects the user's real name, phone number, and address, which combined with their IP address and location, is reportedly stored by the hacker and sent to a Telegram account using HTTPS.
Users are then reportedly directed to another fake page, where they are faced with a One Time Password Check, which inevitably fails.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
After this, if choose to click on a pop-up reading “Need another way to Authenticate?”, they are then redirected back to the real Facebook site.
Trustwave advises users to be careful if they received copyright violation notices purporting to be from Facebook.
Facebook remains an extremely popular attack vector for would-be cybercriminals.
In October, cybersecurity researchers uncovered a campaign known as "ducktail".
Targeting businesses running Facebook advertising campaigns, "ducktail" installs malware on the victim's machine, which then nabs valuable information such as crypto wallet addresses.
- Interested in staying safe online? Check out our guide to best privacy tools
Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.