- Hackers spoof Facebook messages with the real facebookmail.com domain to lure Business Suite users
- More than 40,000 emails sent; One company received over 4,000 campaigns, mostly large-scale and template-based campaigns.
- Defense requires MFA, password managers, staff training and careful account monitoring.
Cybercriminals are targeting Facebook Business Suite users with convincing phishing emails, tricking them into giving away their login credentials and other valuable information, experts warn.
The company’s social media platform lacks adequate identity protection measures, allowing hackers to impersonate Facebook and abuse users’ trust in the platform, experts at Check Point Research (CPR) say. Find.
Facebook Business Suite is a centralized platform that allows businesses to manage their Facebook, Instagram and Messenger accounts in one place. It is mainly used by small and medium-sized businesses (SMBs), social media managers and marketers.
What can we do?
However, when an attacker creates a new business page on Facebook, he can simply enter a name and upload a logo that mimics Facebook’s official branding, and send phishing emails that appear as official Facebook notifications.
“Basically, these messages are sent from the legitimate domain facebookmail.com,” the researchers explained. “Most users are used to being wary of strange sender addresses, but in this case the emails are coming from a domain they know and trust. This makes phishing emails much more convincing.”
The notifications sent by attackers usually relate to topics that may be of interest to SMBs and medium-sized businesses: account verification, meta-affiliate programs, or free ad credit programs.
To date, the attackers have sent more than 40,000 phishing emails to Check Point’s customer base (around 5,000 businesses), meaning the actual scale of the operation is likely much larger.
Most CPR customers received fewer than 300 emails, but one company was inundated with more than 4,000 messages. Most messages are formatted, meaning the goal is not to compromise specific organizations, but rather to cast a wide net and see who gets caught.
The victims are mainly in the US, Europe, Canada and Australia.
There are several ways to protect yourself against these advanced phishing attacks.
First, users must use a central password manager and enable multi-factor authentication (MFA) for all accounts. Therefore, they must ensure that they carefully verify the authenticity of the sender and educate their employees and social media managers about the risks of social engineering on the platform.
Finally, they should monitor their accounts for suspicious activity and report any phishing attempts to Facebook.