A recent phishing campaign targeting Meta Business account users has been identified by the Cofense Phishing Defense Center (PDC). This malicious scheme aims to trick unsuspecting victims into disclosing their account credentials through fake Meta emails.
The attack begins with fraudulent emails posing as official Instagram notifications, informing recipients that their advertising accounts have been temporarily suspended due to alleged violations of advertising policies. The messages also mention the EU GDPR regulations in an attempt to add credibility to their claims. These emails create a sense of urgency by using subject lines such as “Critical Advertising Restrictions on Your Account,” prompting users to take immediate action.
Upon opening the email, users are instructed to click on a button labeled “Check more Details,” which directs them to a convincing fake webpage. Although the page visually resembles authentic Meta pages, a closer look at the URL reveals that victims are being redirected to malicious domains like “businesshelp-manager[.]com” instead of legitimate Meta domains.
To further deceive victims, the attackers employ sophisticated social engineering tactics, including fake chat support services. Once users click on the provided link, they are prompted to enter personal information and interact with a chatbot posing as Meta’s customer support. During these interactions, attackers request sensitive details such as screenshots of business account settings and personal information pages under the guise of verification procedures.
Additionally, the attackers attempt to gain persistent access to victims’ accounts by guiding them through a fake “System Check” process. This deceptive procedure involves setting up Two-Factor Authentication (2FA) using an authenticator app named “SYSTEM CHECK,” controlled by the hackers themselves. By registering their devices as trusted login methods, the attackers effectively hijack the victim’s account.
In cases where users do not engage with the chatbot support, the attackers provide detailed instructions disguised as self-help guides for resolving account suspension issues. These instructions lead users to configure malicious 2FA setups unknowingly, providing attackers with alternative means of account takeover.
The phishing campaign displays a high level of sophistication, utilizing realistic email templates, convincing landing pages, and interactive chatbot experiences to increase the chances of successful credential theft and unauthorized account access. Security experts advise social media users relying on these platforms for advertising to exercise caution. It is recommended to verify sender addresses, scrutinize URLs before clicking on links, and be wary of unsolicited requests for sensitive information or immediate actions.
Prompt reporting of suspicious activities is crucial in thwarting potential damage from evolving cyber threats targeting social media credentials. By remaining vigilant and proactive, users can protect themselves against phishing attacks and safeguard their online accounts.
