A new attack uses Facebook posts as part of a phishing chain to get past email security. So pay close attention to which posts you interact with, and block the others.
A new phishing campaign tricks people into handing over their accounts’ login details by using Facebook posts as part of the scam.
The emails sent to targets claim that one of the recipient’s Facebook posts infringes copyright, and threaten that the account will be removed from Facebook if the recipient doesn’t file an immediate response.
The link to appeal the account deletion leads to a Facebook page on facebook.com, which helps attackers circumvent spam filters and ensures their phishing emails are delivered to the target’s mailbox.
The Facebook page pretends to be “page support” by using a Facebook logo to look like the company runs it.
However, the Facebook post contains a link to an external fake news website called “Meta, Facebook’s Owner,” to slightly decrease the chance of people falling for the scam.
The attackers used three URLs during the attack. Phishers carefully craft websites to look like Facebook’s actual copyright complaint forms.
After the victim submits this form, the attacker also collects the victim’s IP address and geolocation and sends them to a Telegram account under the attacker’s control.
The attackers may use the extra information gathered during an attack to bypass fingerprinting protections and security questions while taking over their victims’ Facebook accounts.
Meanwhile, a redirect takes the user to the next phishing page, where they see a fake OTP prompt with a countdown timer. If the victim enters any code, they get an error message saying, “That didn’t work.” However, if they click “Need another method?” they’re redirected to the actual Facebook page.
Analysts found that cybercriminals use Google Analytics on their fake websites to track the effectiveness of their attacks. In addition, numerous Facebook accounts use phony support pages to lure people into visiting fake sites.
The phishing links in these Facebook posts use shortened URLs to avoid having the content deleted by the social media platform.
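A mail-filter heuristic for the lure described above, as an added example that is not from the original article: since the link sits on facebook.com and passes reputation checks, the check keys on the combination of takedown-threat wording, a facebook.com link, and a sender that is not Facebook. The term list, the trusted sender domain list and the sample messages are assumptions constructed for this example.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this example; tune both lists for your own mail flow.
LURE_TERMS = ("copyright", "infringement", "will be removed", "appeal")
FACEBOOK_SENDER_DOMAINS = {"facebookmail.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def on_domain(host, domain):
    """True for the domain itself or a subdomain, not for look-alike hosts."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def assess(raw_email):
    msg = message_from_string(raw_email, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    text = part.get_content() if part else ""
    fb_links = [u for u in URL_RE.findall(text)
                if on_domain(urlparse(u).hostname, "facebook.com")]
    lures = [t for t in LURE_TERMS if t in text.lower()]
    from_facebook = any(on_domain(sender, d) for d in FACEBOOK_SENDER_DOMAINS)
    # The link's reputation is good by design, so the signal is the combination:
    # takedown-threat wording + facebook.com link + sender that is not Facebook.
    flag = bool(fb_links) and len(lures) >= 2 and not from_facebook
    return {"flag": flag, "facebook_links": fb_links, "lures": lures,
            "sender_domain": sender}

# Constructed sample messages (not taken from the campaign).
PHISH = """From: Page Support <notice@mailer.example>
Subject: Your post violates copyright
Content-Type: text/plain

Your post was reported for copyright infringement. Your account will be removed
unless you appeal here: https://www.facebook.com/permalink.php?story_fbid=1&id=2
"""
BENIGN = """From: Facebook <notification@facebookmail.com>
Subject: New comment
Content-Type: text/plain

Someone commented on your photo: https://www.facebook.com/photo?fbid=3
"""

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(name, assess(raw))
```

A flagged message is a candidate for quarantine or a warning banner, not proof of phishing; the threshold of two lure terms is a starting point.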
How to Block Facebook Post Phishing
Victims may land on malicious websites through email campaigns, like in the case described here. Or they may be lured into clicking links sent by friends on social media platforms. So first, stop clicking links from people and places you don’t know – it can be as simple as that. Just delete the email.
You can also set your privacy settings so only people you approve can see your profile. When you tag someone in a photo, they get an email notification letting them know what you’ve tagged them in.
- Use the “My Timeline” section to review and manage what posts you see on Facebook.
- Click your profile image in the upper right corner of Facebook.
- Click Settings & Privacy – Activity Log.
- On the left side of the screen, click “Timeline,” “Photo,” and “Tag Review.”
- Click “Review Posts” from the menu bar at the top.
You can either click “Add to profile” next to each post to accept it or “Hide” to hide posts from your feed. Using these methods to block Facebook post phishing can also help you stop criminals.