Facebook: hackers imitate the social network to steal user identifiers

Once again, the social network Facebook seems to be the target of a phishing campaign, we learn from Cyberwar. Strange emails supposedly sent by Facebook teams would be used to deceive the user.

Fraudulent emails causing the problem

"Hello, we need to inform you that your page has been flagged for unusual and illegal activity, so your page will be permanently deleted", here is an example of an email signed by the supposed Facebook security team, and sent to a manager of a page on the social platform.

    "Hello, we need to inform you that your page has been flagged for unusual and illegal activity, so your page will be permanently deleted"

A second message, also sent by "Page Flagged" (page flagged) and not by a certified Facebook account, states that a representative of the company will contact him shortly to discuss the situation. The technique is well established.

A fake home page to retrieve identifiers

Then, the sender specifies that there is a procedure to appeal and prevent his page from being permanently deleted. He even attaches the link to the so-called form.

The site to which it refers is all real, the URL is known and begins with "https://facebook.com". Before they can complete the form from the new site, the targets will have to identify themselves again. Obviously, the page in question is a decoy, as is the connection frame, used here to retrieve the identifiers of the victims.

Pay attention to the URL

In reality, the hackers simply used a subdomain to trick their victims into believing that they were indeed on a legitimate Facebook page, whereas on closer inspection the URL ended with ".top" , specifies Cyberwar. So it was indeed a well-done fake page.

The objective of this campaign is clear: to steal the credentials of users who manage Facebook pages, in order to be able to impersonate them and distribute their phishing campaigns on these pages.

If the page from which the emails appear to have been blocked by Facebook, there is still a good chance that the hackers behind the campaign will repeat their attack. To be on the safe side, double-check the entire URL you're sent to, and don't automatically rely on emails from "Facebook teams".

Filed under