A new phishing campaign, identified by cybersecurity company Cofense, is preying on businesses that advertise on Meta’s platforms, including Facebook and Instagram. The attackers have found a way to exploit the trust that millions of active advertisers place in Meta’s advertising system, using fake notices of account suspension to trick victims into handing over sensitive information.
The campaign begins with an email that appears to be from Meta’s support team, warning that the user’s ad account has been suspended for violating Meta’s advertising policies, including EU regulations. The email urges the recipient to click a link to “Check more details” and appeal the suspension.
However, according to Cofense, the link leads to a fraudulent Meta support page, designed to look legitimate. The page tells the victim that their account is at risk of being permanently disabled and encourages them to click a “Request review” button. This action prompts the victim to enter sensitive details, such as their name and business email, which are then captured by the attackers.
From here, the scam escalates. The victim is greeted by a fake chatbot that claims to be a Meta support representative, further convincing the user that they are dealing with official Meta support. The chatbot requests screenshots of the victim’s business account, likely to help identify high-value targets. If the scammers determine the victim is a worthwhile target, they will instruct them to perform a “system check,” which ultimately leads to the victim being asked to provide their Facebook password. At this point, the victim’s account is compromised.
In some cases, the attackers also offer a false “Two-Factor Authentication (2FA) setup guide” that promises to resolve the suspension. Following these instructions, however, results in the victim losing access to their account.
The phishing emails contain red flags that businesses should watch for. For instance, the sender’s address doesn’t come from Meta, but from “[email protected],” signaling that the message is a scam. Additionally, the fraudulent support page uses a suspicious URL that doesn’t match Meta’s legitimate domains.
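A defender-side triage check for the three red flags just described (a sender address outside Meta's domains, a support-page link outside Meta's domains, and the suspension/appeal lure wording). This is an added example, not code from Cofense or the article; the META_DOMAINS allowlist, the function names and the sample email are assumptions, and the domains in the sample are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allowlist of Meta-owned domains; illustrative, not an official Meta list.
META_DOMAINS = {"facebook.com", "facebookmail.com", "instagram.com", "meta.com", "fb.com"}
# Lure wording taken from the campaign described in the article.
LURE_PHRASES = ("ad account has been suspended", "check more details", "request review")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def is_meta_domain(host: str) -> bool:
    """True if host is an allowlisted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in META_DOMAINS)


def triage_email(raw: str) -> dict:
    """Return the red flags found in a raw, single-part text email."""
    msg = message_from_string(raw)
    flags = []
    # Red flag 1: the From address does not use a Meta domain.
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if not is_meta_domain(sender_domain):
        flags.append(f"sender domain not Meta: {sender_domain or '<none>'}")
    # Red flag 2: a link in the body points outside Meta's domains.
    body = (msg.get_payload(decode=True) or b"").decode("utf-8", errors="replace")
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if not is_meta_domain(host):
            flags.append(f"link host not Meta: {host}")
    # Red flag 3: the suspension/appeal lure wording from the campaign.
    text = (msg.get("Subject", "") + "\n" + body).lower()
    lures = [p for p in LURE_PHRASES if p in text]
    if lures:
        flags.append("lure phrases: " + ", ".join(lures))
    # Suspicious when lure wording is paired with a non-Meta sender or link.
    return {"suspicious": bool(lures) and len(flags) > 1, "flags": flags}


# Constructed sample modelled on the described email; domains are placeholders.
SAMPLE_EMAIL = """\
From: Meta Support <support@meta-notify.invalid>
Subject: Your ad account has been suspended
Content-Type: text/plain

Your ad account has been suspended for violating advertising policies (EU regulations).
Check more details and appeal here: https://meta-appeal-center.example/review
"""
```

Running `triage_email(SAMPLE_EMAIL)` reports all three flags; a genuine notification from an allowlisted sender that links only to allowlisted hosts yields no sender or link flag and is not marked suspicious.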
This sophisticated phishing attack highlights the need for businesses to be cautious when handling account-related communications and always verify the authenticity of any request for sensitive information.