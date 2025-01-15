Share

Kaspersky experts have uncovered a new phishing scam targeting businesses that promote their pages on Facebook.

Scammers send emails allegedly on behalf of Meta for Business – Facebook’s platform for businesses – claiming the recipient’s page contains prohibited content.

The email suggests users provide explanations in order for their account and page to be unblocked. The goal of the attackers is likely to get access to users’ business accounts.

Kaspersky’s anonymised data shows that such emails started reaching users on 14 December 2024, with complaints coming from organisations all over the world, including the Middle East, Turkiye and Africa.

By examining the “From” field in the email it can be seen that the domain does not belong to Facebook. According to Kaspersky data the emails that this campaign used were sent from different domains.

The link in the email redirects users to Facebook Messenger. On Messenger, the account posing as Facebook’s support team appears legitimate, creating a false sense of trust.

There is an indication that this is a fan page, but it is easy to miss in a situation of high stress after being accused of spreading illegitimate content. This scheme stands out for its sophistication.

Unlike earlier scams that accused users of copyright violations and directed them to respond via email, this approach simulates internal communication on the Facebook platform itself.

“In 2025, we anticipate a rise in attacks leveraging social engineering and user trust in major platforms. Scams like this are becoming more sophisticated as attackers strive to mimic official services closely.

Users must remain vigilant, verify the authenticity of messages, and avoid clicking on suspicious links.’’ says Andrey Kovtun, Email Threats Protection Group Manager at Kaspersky.

‘’We strongly advise users not to engage with suspicious accounts and to activate additional security measures, such as two-factor authentication.

If you receive such an email, report the incident to Facebook’s support team and update your passwords immediately if any information has been compromised,” Recall that, last year, Kaspersky had reported that telecoms, mass media, and construction development companies would be the top cyberattack targets in the first half of 2024.

Kaspersky noted that telecoms faced the greatest number of incidents, likely due to attackers’ interest in sensitive data and trusted relationships exploitation.

In turn, mass media are traditionally targeted during international conflicts, while construction development firms may be also attractive for threat actors due to their extensive subcontractor use.

In the global telecommunications sector, there were 284 cybersecurity incidents per 10,000 systems, according to Kaspersky Managed Detection and Response (MDR) statistics for JanuaryJune 2024.

Mass media companies experienced 180 attacks per 10,000 systems, while the construction development, food and industrial sectors followed with 179, 122 and 121 incidents, respectively.

“A successful attack, especially an advanced one, on a telecoms company can expose millions of customers’ records, including contact details, social security numbers, and credit card information.

It can also serve as a possible springboard for further attacks on clients through trusted relationship exploitation,’’ says Sergey Soldatov, head of Kaspersky Managed Detection and Response.

‘’That’s why this sector is so attractive for cybercriminals. The mass media organisations become an increasingly frequent target during international conflicts, which are often characterised by information warfare in which they play a crucial role.

The construction development firms, in turn, have significant cash flows and rely on subcontractors, making them vulnerable to attacks via trusted partners’ infrastructures and spear phishing,” Sergey adds.

Telecommunication companies also faced the highest average number of critical incidents, with 32 attacks per 10,000 systems.

