Facebook Phishing Attack Chain Infrastructure Uncovered

Phishing campaigns are still the most effective way to hack a person, spread malware, infiltrate an organization or conduct any cybercriminal activities.

Though several security measures have been taken against phishing campaigns, threat actors are still coming up with various sophisticated methods for succeeding in them.

Recent reports from Zero Day’s Security Platform indicate that threat actors are currently conducting a phishing scam in the name of the social media giant “Meta” which stated a community guidelines violation on Facebook that can lead to the deactivation of the account.

One of the emails was received by PhishZDL, Zero Day Security Platform.

Phishing Email Analysis

In the same way as any other phishing campaign, this email also tends to create an emotional response from the victim that could potentially lead to clicking the embedded link in the body of the email, which will land on a phishing page.

Meta Phishing Campaign

The Phishing page had the domain hxxps://meta-business-care-7faed[.]web[.]app looks like a legitimate Meta Support team page along with the logo. The page displays the information as the page has been flagged for suspicious activity. 

Meta Phishing Page

In addition to the above message, the page has an option for victims to appeal against the suspension which asks for Email ID, Phone Number, and other details.

Submitting these details will result in the attacker getting Personally Identifiable Information (PII) that can lead to account takeovers and much more.

SSL Certified Phishing Pages

These phishing pages have an SSL certificate that was issued by Google Trust Service LLC and have multiple falsely branded phishing pages like Dropbox, Microsoft Outlook, and Sharepoint.

A complete technical analysis of these phishing campaigns has been released by Zero Day.

SSL Certified Phishing Page

The number of people that fell victim to these phishing campaigns is reported to be 40,000 or higher.

It is recommended that every individual be aware of phishing campaigns and be vigilant to protect personal information.

Domains used for this phishing campaign

  • https://ad-account-disabled-[random].web.app
  • https://business-request-appeal-[random].firebaseapp.com
  • https://due-to-policy-[random].web.app
  • https://fb-restriction-case-[random].web.app
  • https://infringement-case-[random].web.app
  • https://meta-business-case-[random].web.app
  • https://meta-for-business-case-[random].web.app
  • https://policy-violation-[random].web.app
Document
FREE Demo

Deploy Advanced AI-Powered Email Security Solution

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Eswar is a Cyber security reporter with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is reporting data breach, Privacy and APT Threats.