Kaspersky uncovers new scam targeting businesses on social media
LAHORE: Kaspersky experts have uncovered a new phishing scam targeting businesses that promote their pages on Facebook. The scam involves emails purportedly sent on behalf of Meta for Business -- Facebook’s platform for businesses -- claiming that the recipient’s page contains prohibited content. The email urges users to provide explanations to prevent their account and page from being blocked. The attackers’ objective appears to be gaining access to business accounts.
According to Kaspersky’s anonymised data, such emails began reaching users on December 14, with complaints emerging from organisations worldwide. A closer examination of the ‘From’ field in the emails reveals that the domains used do not belong to Facebook. Kaspersky found that these emails were sent from various unrelated domains.
The email link redirects users to Facebook Messenger, where an account impersonating Facebook’s support team appears convincing, fostering a false sense of trust. Although there are subtle indications that the account is a fan page, these are easily overlooked, particularly under the stress of being accused of violating Facebook’s policies.
This phishing scheme is notable for its sophistication. Unlike earlier scams that accused users of copyright violations and directed responses via email, this approach simulates internal communication on Facebook itself, making it harder to detect as fraudulent.
“In 2025, we anticipate a rise in attacks leveraging social engineering and users’ trust in major platforms. Scams like this are becoming more sophisticated as attackers strive to closely mimic official services. Users must remain vigilant and verify the authenticity of messages. We strongly advise against engaging with suspicious accounts and recommend activating additional security measures, such as two-factor authentication. If you receive such an email, report the incident to Facebook’s support team and update your passwords immediately if any information has been compromised,” advises Email Threats Protection Group Manager at Kaspersky Andrey Kovtun.
To protect against such attacks, the cybersecurity company recommends enabling two-factor authentication wherever possible; using strong and unique passwords, and rely on a password manager to generate and securely store them; and equipping all work devices with reliable security solutions that can warn users of potential threats and block malicious actions, including those by malware and browser extensions.
-
49ers Crushed As Kenneth Walker III Leads Seahawks To 41-6 Win -
Canadiens Star Lane Hutson Makes History With 100th NHL Assist -
Prince William Barred From Riding E-scooter At His Own Home! -
Prince William New PR Step Is Not 'shrewed Move,' Says Expert -
Barack Obama Honours Michelle Obama On Her 62nd Birthday -
Why Kate Middleton Runs Away From 'some Royal Relatives' -
Khloe Kardashian's Ex-husband Lamar Odom Arrested In Las Vegas -
Andrew Mountbatten Windsor Has Staff From 'big Brother' For All His Needs -
Perrie Edwards And Alex Oxlade-Chamberlain Welcome Second Child -
Meryl Streep To Return In 'Mamma Mia 3'? -
James Cameron Weighs In On Debates He Still Has About 'Titanic' Raft Scene -
'Star Wars' Director Speaks Out Against 'scared' Comment -
Andrew Mountbatten Windsor Braves Through 'element Of Tragedy' Im Exile -
Wayne Brady On How Decision About His Sexuality Has Made Him A Better Parent -
Andrew Mountbatten Windsor, Sarah Ferguson To Jump At 'comeback' Chance -
Prince William, Kate Middleton Have Reset Their 'love' After Cancer