'Copyright Infringement' Lure Used for Facebook Credential Harvesting

Business users receive a message from Facebook warning their accounts will be permanently suspended for using photos illegally if they don't appeal within 24 hours, leading victims to a credential-harvesting page instead.

3 Min Read
facebook website with magnifying glass over "facebook business" header
Source: Big Tuna Online via Shutterstock

An extensive credential-harvesting campaign has hackers leveraging Facebook copyright infringement notices to steal enterprise credentials.

Malicious actors continue to use tried and true phishing techniques and social engineering tactics to compel targets into giving up key information, attempting to generate anxiety to prompt a hasty handover. According to a Monday report from Avanan, this latest campaign sends users an email warning that because the page has uploaded a photo violating Facebook’s copyright infringement policy, the account will be permanently suspended unless they click on link to appeal the decision.

This link leads not to a Meta site but rather a credential-harvesting site, the report notes.

"Though this email has a sender address that clearly does not come from Facebook, it’s otherwise fairly believable," the report said.

Jeremy Fuchs, cybersecurity researcher and analyst at Avanan, explains the campaign could be aimed at any organization, but would be most effective with companies that rely heavily on Facebook advertising.

"The urgency indicated in the email could cause some to take quick action," he says. "These types of attacks keep on finding success because they work. Attackers are able to use this to evade legacy defenses and are able to persuade users to click on it and take action."

To guard against similar social media-based phishing attack relying on a harried response to perceived urgency, Fuchs says checking the URL for legitimacy is a good start — as is checking the sender address.

"If those are off, that’s a good sign that something is amiss," he says. "The key thing is to encourage staff to take a beat before responding. That allows them to look for things like grammar errors, mismatched sender address, wrong URLs, and more."

Fuchs adds attacks constantly evolve, and malicious actors are likely to continue to use new lures, new services, and new ways to capture the victim’s attention.

The report advises employing security tactics like always double-checking sender addresses, hovering over all URLs before clicking, and logging into the Facebook account directly to check the status of the account, instead of clicking on the URL in the email.

The use of social media, though indispensable for many companies, also carries a risk, and Avanan and other security firms have spotted similar attacks spoofing the same brand as a sign hackers are getting people to bite.

Some 400 mobile apps posing as legitimate software on Google Play and the Apple App Store over the past year were designed to steal Facebook user credentials.

Facebook lead-generation forms had previously been repurposed to collect passwords and credit card information from unsuspecting Facebook advertisers, with attackers piggybacking on the power of the Facebook brand by using emails that look like they're coming from Facebook Ads Manager.

And according to a report this month from Outseer, brand impersonations, or brandjackings, like these increased by 274% last year as attackers continue to peddle their scams by looking like they come from reliable sources.

As digital applications proliferate and use of social media remains strong, educating users against social engineering attempts is a key part of a strong defense.

About the Author

Nathan Eddy, Contributing Writer

Nathan Eddy is a freelance journalist and award-winning documentary filmmaker specializing in IT security, autonomous vehicle technology, customer experience technology, and architecture and urban planning. A graduate of Northwestern University’s Medill School of Journalism, Nathan currently lives in Berlin, Germany.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights