"'Copyright Infringement' Lure Used for Facebook Credential Harvesting"

A recently discovered, extensive credential-harvesting campaign has hackers leveraging Facebook copyright infringement notices to steal enterprise credentials. According to researchers at Avanan, the phishing email warns the recipient that, because their page has uploaded a photo violating Facebook's copyright infringement policy, the account will be permanently suspended unless they click on a link to appeal the decision. The link leads not to a Meta site but to a credential-harvesting site. The researchers noted that although the sender address clearly does not come from Facebook, the email is otherwise fairly believable, and the urgency it conveys could cause some recipients to take quick action. The campaign could be aimed at any organization but would be most effective against companies that rely heavily on Facebook advertising. To avoid falling for this phishing campaign, the researchers said, people should double-check sender addresses, hover over all URLs before clicking, and log into the Facebook account directly to check its status instead of clicking on the URL in the email.

 

Dark Reading reports: "'Copyright Infringement' Lure Used for Facebook Credential Harvesting"

Submitted by Anonymous on