The Phishing Campaign Uses Facebook Messages
Shari Lynn Kramer / 20 Dec 2022
A new phishing campaign has been uncovered by cybersecurity firm Trustwave that is targeting Facebook users with fake copyright infringement notices. The campaign is designed to dupe users into giving away their account details by threatening to delete their accounts within 48 hours unless they fill out an appeal form.
The appeal form then collects personal data about the user, which can put them at risk of identity theft. This campaign is particularly insidious because it relies on social engineering tactics to deceive its victims.
The message is designed to look legitimate, and it even includes a link to the appeal form. However, the link is actually a malicious website that is designed to look like the official Facebook page. Once the user clicks the link, they are taken to the malicious website, where they are prompted to enter their personal information.
The website also includes a disclaimer that states that the data will be used for “internal purposes only.” However, this is simply a ruse to make the user feel more comfortable about entering their data. In reality, the data is collected and stored by attackers, who can then use it for identity theft or other malicious activities.
The phishing campaign is especially dangerous because it relies on social engineering tactics to deceive its victims. By using a legitimate-looking message from Facebook, the attackers are able to convince the user to click the link and enter their personal information.
As a result, unsuspecting users are duped into giving away their personal data, which can then be used for identity theft or other malicious activities. It is important for users to be aware of this phishing campaign and to take steps to protect themselves from it.