Kaspersky uncovers new scam targeting businesses on social media
LAHORE: Kaspersky experts have uncovered a new phishing scam targeting businesses that promote their pages on Facebook. The scam involves emails purportedly sent on behalf of Meta for Business -- Facebook’s platform for businesses -- claiming that the recipient’s page contains prohibited content. The email urges users to provide explanations to prevent their account and page from being blocked. The attackers’ objective appears to be gaining access to business accounts.
According to Kaspersky’s anonymised data, such emails began reaching users on December 14, with complaints emerging from organisations worldwide. A closer examination of the ‘From’ field in the emails reveals that the domains used do not belong to Facebook. Kaspersky found that these emails were sent from various unrelated domains.
The email link redirects users to Facebook Messenger, where an account impersonating Facebook’s support team appears convincing, fostering a false sense of trust. Although there are subtle indications that the account is a fan page, these are easily overlooked, particularly under the stress of being accused of violating Facebook’s policies.
This phishing scheme is notable for its sophistication. Unlike earlier scams that accused users of copyright violations and directed responses via email, this approach simulates internal communication on Facebook itself, making it harder to detect as fraudulent.
“In 2025, we anticipate a rise in attacks leveraging social engineering and users’ trust in major platforms. Scams like this are becoming more sophisticated as attackers strive to closely mimic official services. Users must remain vigilant and verify the authenticity of messages. We strongly advise against engaging with suspicious accounts and recommend activating additional security measures, such as two-factor authentication. If you receive such an email, report the incident to Facebook’s support team and update your passwords immediately if any information has been compromised,” advises Email Threats Protection Group Manager at Kaspersky Andrey Kovtun.
To protect against such attacks, the cybersecurity company recommends enabling two-factor authentication wherever possible; using strong and unique passwords, and rely on a password manager to generate and securely store them; and equipping all work devices with reliable security solutions that can warn users of potential threats and block malicious actions, including those by malware and browser extensions.
-
Japan: PM Takaichi Flags China ‘Coercion,’ Pledges Defence Security Overhaul -
Angorie Rice Spills The Beans On Major Details From Season 2 Of ' The Last Thing He Told Me' -
Questions Raised Over Andrew Mountbatten-Windsor's Line Of Succession -
'Shameless' Sarah Ferguson 'pressuring' Princess Eugenie, Beatrice For Major Reason -
Teacher Arrested After Confessing To Cocaine Use During Classes -
Paul McCartney Talks 'very Emotional' Footage Of Late Wife Linda In New Doc -
Princess Beatrice, Princess Eugenie's Response To Andrew's Arrest Revealed -
King Charles And Princess Anne Bestow Honours At Windsor Castle -
King Charles 'worried' As Buckingham Palace, Royal Family Facing 'biggest Crisis' -
Milo Ventimiglia Recalls First Meeting With Arielle Kebbel On The Sets Of 'Gilmore Girls' Amid New Project -
Eric Dane Infuriated After ALS Diagnosis As He Feared The Disease Would Take Him Away From His Girls -
It's A Boy! Luke Combs, Wife Nicole Welcome Third Child -
Leading Astrophysicist Shot Dead At Southern California Home -
Johnny Depp's Kind Gesture Towards Late 'Grey's Anatomy' Actor Eric Dane Before Death Laid Bare -
How Princess Eugenie, Beatrice React To Andrew Arrest? -
Kylie Jenner 'convinced' Gwyneth Paltrow Is 'crushing' On Timothee Chalamet: 'It's Disrespectful'