Meta business accounts increasingly being hit by cyberattacks
Date:
Wed, 15 May 2024 13:00:09 +0000
Description:
Hackers want access to your Facebook ad campaign money, and more.
FULL STORY ======================================================================
Meta business accounts are being increasingly hit by cyberattacks, as threat actors look for easy ways to run malvertising campaigns on one of the worlds biggest social media platforms. This is according to a new report from cybersecurity researchers Cofense, who recently detailed a brand new phishing campaign, powered by a potent phishing kit, aimed at owners of such accounts.
Meta (Facebook, essentially) Business accounts differ from regular ones, and are designed to enable businesses, brands, organizations, and public figures to manage their presence, engage with their audience and, most importantly, run advertising campaigns.
Since all advertising campaigns need to go through some form of audit
(usually automated and quite possibly AI-powered), business accounts with a history of successful campaigns have a higher chance of being cleared, even for malvertising. That makes them a popular target among cybercriminals.
Whats more, business accounts often have credit cards linked to them as well, allowing threat actors to run malvertising campaigns at someone elses
expense. "Classic" phishing
But most business accounts nowadays are also protected with multi-factor authentication (MFA), a second authentication step that makes it harder for hackers to steal them. A new phishing kit, detailed by Cofense in its report, allows the adversaries to bypass this step, too.
It all starts with a phishing email, which bypasses spam filters, and lands straight into the inbox. The email claims a recent ad campaign violated Metas policy, and that urgent information verifications are necessary for the campaign, and the account itself, to not get terminated. As expected with phishing emails, this one offers a link to verify account information, which redirects users to a fake Facebook login page. There, the attackers can grab not just login credentials, but MFA codes, as well.
Defending against phishing emails is relatively simple, and starts by double-checking the sender address (its almost never the same as the legitimate domain). Furthermore, authentic emails will almost never demand urgent user action, and will not threaten account termination in such a way. More from TechRadar Pro Don't fall for this devious phishing scam, Facebook users warned Here's a list of the best firewalls today These are the best endpoint protection tools right now
======================================================================
Link to news story:
https://www.techradar.com/pro/security/meta-business-accounts-increasingly-bei ng-hit-by-cyberattacks
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)