Threat actors are still attempting to leverage Facebook in attacks as we roll into the new year. Numerous attacks that involve Facebook have been seen over the years, but this specific campaign involves a copyright infringement notice. Researchers from Avanan identified phishing emails that use Facebook as the lure and attempt to get user credentials. Users are receiving emails that state their accounts have been suspended due to a photo uploaded to the account’s page violating Facebook’s copyright infringement policy. The threat actors play on a sense of urgency and warn the receiver of these emails that if they do not respond or resolve the issue in 24 hours, their account will be permanently suspended. At first glance, the email is rather believable and someone who is simply worried about getting their account back would likely not notice without further inspection. Below is an example of one of the emails seen by Avanan.
Analyst Notes
Users looking to protect themselves from these types of attacks should do the following:
• Always hover all URLs before clicking
• Always double-check sender addresses
• Log into the Facebook account directly to check the status of the account instead of clicking on the URL in the email
https://www.avanan.com/blog/facebook-termination-notices-leads-to-phishing
