[ad_1]
Researchers have discovered a new phishing campaign leveraging Facebook posts to bypass email security checks, collect users’ information, and take over accounts.
Dubbed Meta-Phish, attackers send fake copyright infringement notices warning Facebook users that their accounts would be deleted within 48 hours unless they appeal the decision.
TrustWave SpiderLabs researchers identified several Facebook pages, accounts, and external domains, involved in the phishing campaign.
Phishing campaign leverages Facebook posts and shortened URLs to bypass email security checks
According to the researchers, the appeal URL links to an actual Facebook post, allowing the threat actor to evade email security checks and deliver phishing messages to users’ inboxes.
Threat actors also created a fake “Page Support” page with a Facebook logo and a convincing copyright violation message to trick users further. These fake pages can easily be found on Facebook by searching “appeal form.”
However, the post includes a link to an external phishing site on a spoofed domain resembling Facebook’s parent company Meta such as hxxps://meta[.]forbusinessuser[.]xyz. Additionally, the fake appeal page mimics Facebook’s copyright appeal page and requests personal information, which is stolen immediately upon clicking the send button.
According to the researchers, the attackers target Facebook account credentials and personally identifiable information such as full name, phone number, Facebook name, and username. The phishing campaign also collected IP address and geolocation information and sends it to a Telegram channel using a Telegram bot API over HTTPS. Attackers use the ipinfo.io geolocation services to map users’ IPs to a geographical region.
To complete the attack chain, the attackers redirect the victim to a timed fake One Time Password (OTP) check page, with every code the user enters resulting in an error. However, the page also provides a “Need another way to Authenticate?”…
..
[ad_2]
