Spear Phishing Campaign Targets Facebook Business Accounts

Facebook-phishingResearchers at WithSecure have discovered a spear phishing campaign targeting employees who have access to Facebook Business accounts. The attackers are targeting specific employees, and then sending malware through LinkedIn messages.

“Based on telemetry and investigation conducted by WithSecure, one approach employed by the threat actor is to scout for companies that operate on Facebook’s Business/Ads platform and directly target individuals within the company/business that might have high-level access to the Facebook Business,” the researchers write. “We have observed individuals with managerial, digital marketing, digital media, and human resources roles in companies to have been targeted. WithSecure Countercept Detection and Response team has identified instances where the malware was delivered to victims through LinkedIn. These tactics would increase the adversary’s chances of compromising the respective Facebook Business all the while flying under the radar.”

Facebook’s parent company Meta told WithSecure that they’re doing their best to stop these scammers, but the ultimate responsibility is on the users to avoid downloading untrusted software.

Meta stated, “We welcome security research into the threats targeting our industry. This is a highly adversarial space and we know these malicious groups will keep trying to evade our detection. We are aware of these particular scammers, regularly enforce against them, and continue to update our systems to detect these attempts. Because this malware is typically downloaded off-platform, we encourage people to be cautious about what software they install on their devices.”

New-school security awareness training can teach your employees to follow security best practices so they can thwart social engineering attacks.

WithSecure has the story.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews