In an alarming development, cybersecurity experts at Kaspersky have uncovered a new phishing campaign targeting businesses that promote their pages on Facebook. The scam uses fake emails claiming to be from Meta for Business to lure victims into providing their account credentials.
How the Scam Works
Beginning Thursday, 14 December 2023, phishing emails started appearing in inboxes worldwide, including organisations in the Asia Pacific region. The emails accuse recipients of having prohibited content on their Facebook pages and offer a link to “provide explanations” to avoid being blocked.

Upon clicking the link, victims are redirected to Facebook Messenger, where an account impersonating Facebook’s support team initiates a conversation. While appearing legitimate, subtle cues – like the indication that this is a fan page – are easy to overlook during moments of stress.
Unlike traditional phishing schemes that redirect users to fake websites, this scam’s unique use of Messenger mimics Facebook’s internal communication, enhancing its credibility.

Kaspersky’s Andrey Kovtun warns, “Scams like this are becoming more sophisticated as attackers strive to mimic official services closely. Users must remain vigilant, verify the authenticity of messages, and avoid clicking on suspicious links.”
Protecting Yourself
Kaspersky recommends taking the following precautions to safeguard your Facebook business account:
- Enable Two-Factor Authentication: Add an extra layer of security to your account.
- Monitor Suspicious Login Alerts: Stay informed about unauthorised access attempts.
- Use Strong, Unique Passwords: Leverage a password manager for secure storage.
- Verify URLs: Double-check the authenticity of web addresses before entering credentials.
- Install Reliable Cybersecurity Software: Protect devices against malware and phishing threats.
If you suspect fraudulent activity, report it to Facebook support and update your account passwords immediately.
As phishing tactics evolve, businesses must prioritise cybersecurity awareness. By recognising the signs of scams and implementing robust protection measures, organisations can safeguard their online presence against growing threats.


