Kaspersky uncovers new scam targeting businesses on social media
LAHORE: Kaspersky experts have uncovered a new phishing scam targeting businesses that promote their pages on Facebook. The scam involves emails purportedly sent on behalf of Meta for Business -- Facebook’s platform for businesses -- claiming that the recipient’s page contains prohibited content. The email urges users to provide explanations to prevent their account and page from being blocked. The attackers’ objective appears to be gaining access to business accounts.
According to Kaspersky’s anonymised data, such emails began reaching users on December 14, with complaints emerging from organisations worldwide. A closer examination of the ‘From’ field in the emails reveals that the domains used do not belong to Facebook. Kaspersky found that these emails were sent from various unrelated domains.
The email link redirects users to Facebook Messenger, where an account impersonating Facebook’s support team appears convincing, fostering a false sense of trust. Although there are subtle indications that the account is a fan page, these are easily overlooked, particularly under the stress of being accused of violating Facebook’s policies.
This phishing scheme is notable for its sophistication. Unlike earlier scams that accused users of copyright violations and directed responses via email, this approach simulates internal communication on Facebook itself, making it harder to detect as fraudulent.
“In 2025, we anticipate a rise in attacks leveraging social engineering and users’ trust in major platforms. Scams like this are becoming more sophisticated as attackers strive to closely mimic official services. Users must remain vigilant and verify the authenticity of messages. We strongly advise against engaging with suspicious accounts and recommend activating additional security measures, such as two-factor authentication. If you receive such an email, report the incident to Facebook’s support team and update your passwords immediately if any information has been compromised,” advises Email Threats Protection Group Manager at Kaspersky Andrey Kovtun.
To protect against such attacks, the cybersecurity company recommends enabling two-factor authentication wherever possible; using strong and unique passwords, and rely on a password manager to generate and securely store them; and equipping all work devices with reliable security solutions that can warn users of potential threats and block malicious actions, including those by malware and browser extensions.
-
Why Is Apple Raising Prices On Everything Right Now? -
Sarah Ferguson Could Get Revenge On King Charles By Spilling Princess Diana's Secrets? -
Taylor Swift's Ex Matty Healy Marries Model Gabbriette Bechtel Weeks After Popstar's Wedding -
Russia Launches One Of Its Most Massive Ballistic Missile Attacks On Ukraine -
Is Facebook Down? Users Report Login, Feed Issues -
Shania Twain Shares How She And Husband Fell In Love After Their Exes' Affair -
Prince William's Priority Amid King Charles 'emotional' Decisions Revealed -
Chris Hemsworth Celebrates Elsa Pataky's 50th Birthday: 'Forever Adventurous' -
Moonshot AI's Kimi K3 Sparks $30B Valuation Race -
Can Trump Help Lebanon? Joseph Aoun To Visit White House To Increase Pressure On Israel -
Christopher Atkins Recalls How He Lost A Career-changing Role In His 20s Despite His 'Blue Lagoon' Success -
Prince William, Harry: Major Claim About Royal Brothers Dismissed -
Why Samsung Is Cutting US Jobs Ahead Of Headquarters Move -
Meghan Markle, Prince Harry's Major Humiliation Comes To Light: 'Order Came Directly From King Charles' -
Tate Brothers Arrested In Miami As UK Files More Criminal Charges -
How Jelly Roll And Bunnie Xo Are Moving Forward After Generous Divorce Settlement