Connect with us

Hi, what are you looking for?

Social Media

Watch out for ‘Meta-Phish’: New scam seeks to collect data on Facebook users

A new phishing campaign leverages Facebook posts to bypass email security checks.

Image: — © AFP Anatolii Stepanov
Image: — © AFP Anatolii Stepanov

Users of social media have been warned about a new phishing campaign. The cyber-scam uses  Facebook posts to trick users into handing over their account credentials and personally identifiable information.

Dubbed Meta-Phish, the scam works by attackers sending fake copyright infringement notices warning Facebook users that their accounts would be deleted within 48 hours unless they appeal the decision.

Users are then diverted to a fake appeal form, which collects key personal data about the user, which can put the unwitting recipient at far greater risk of issues like personal identification data theft. The appeal URL links to an actual Facebook post, allowing the threat actor to evade email security checks and deliver phishing messages to users’ inboxes.

Looking into this latest attempt to utilize technology to defraud others, for Digital Journal, s Tonia Dudley, CISO at Cofense.

Dudley explains why those engaging in such illicit activity have turned to Facebook: “With nearly 2.9 billion monthly active users, Facebook has unfortunately been an active target for scammers seeking to exploit accounts and make financial gains for a long time.”

In terms of the form of attack, Dudley elucidates: “This recent attack is very similar to a December 2020 phishing campaign that tricked users into giving scammers their account credentials for fear that their accounts would be disabled. In this case, scammers alerted users to a copyright infringement issue and linked them to an external “support” site named after Meta to reduce suspicion.”

Going into more detail, Dudley adds: “As is common in many of today’s phishing attacks, a critical component of this particular attack is its lure design. Threat actors play the fear factor in many phishing campaigns, which causes many users to overlook common indicators of a phishing attempt, including an improper tone or greeting, grammar or spelling errors and inconsistencies in email addresses, links and domain names.” 

Dudley sees the main responsibility in addressing these attacks as falling with Facebook rather than the user. Dudley states: “To prevent future phishing attacks, organizations like Facebook must take the necessary steps to protect inboxes, detect threats, and respond to an attack.”

Dudley also recommends that the social media giant adopts “actionable intelligence that gives visibility into the risk factors in your network and immediately and decisively responds to phishing threats will help keep malicious actors at bay and ensure the protection of sensitive data.” 

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

Webtoon Entertainment, the most popular digital comics hosting platform, has filed for an initial public offering (IPO) on the US Nasdaq stock.

Tech & Science

A further deep-dive into the data finds that cars aged 20 years are most likely to fail their MOT.

Tech & Science

Microsoft announced the new AI-powered personal computers, which will use the company's software under the Copilot Plus brand.

Business

The theme for 2024 is #enhancedbyengineering, focusing on profiling the best, brightest and bravest women in engineering.