"Phishing Campaign Leverages Facebook Posts to Bypass Email Security"

Researchers have found a new phishing campaign that uses Facebook posts to circumvent email security checks, acquire user information, and seize control of accounts. The Meta-Phish campaign involves sending false copyright infringement letters to Facebook users, threatening them with account deletion in 48 hours unless they appeal the decision. Researchers from TrustWave SpiderLabs discovered many Facebook pages, accounts, and other domains associated with the phishing campaign. The appeal URL, according to the researchers, leads to an authentic Facebook post, allowing the threat actor to bypass email security checks and transmit phishing messages to recipients' inboxes. To further deceive users, threat actors established a phony "Page Support" page with a Facebook logo and a convincing copyright violation notification. These fake pages are easily discovered on Facebook by searching "appeal form." The post contains a link to an external phishing site with a spoofed domain that looks similar to Facebook's parent corporation Meta. Furthermore, the fake appeal page imitates Facebook's copyright appeal page and asks for personal information, which is immediately taken upon pressing the send button. According to the researchers, the attackers target Facebook account credentials and Personally Identifiable Information (PII) such as complete names, phone numbers, Facebook names, and usernames. The phishing effort also collected IP address and geolocation data, and sent it to a Telegram channel. The attackers use geolocation services to map users' IP addresses to specific geographical areas. To complete the attack chain, the attackers send the victim to a timed false One Time Password (OTP) check page, where any code entered by the user results in an error. The page has a "Need another means to Authenticate?" link. When the victim clicks on the link, a page appears with instructions for retrieving user-generated recovery codes and a "Get Code" button that redirects the victim to a legitimate Facebook login page. This article continues to discuss findings surrounding the Meta-Phish phishing campaign. 

CPO Magazine reports "Phishing Campaign Leverages Facebook Posts to Bypass Email Security"