Hackers Hijack Facebook Business Accounts

Cybercriminals have been exploiting Facebook business accounts by gaining unauthorized access to them and launching advertising campaigns under the guise of legitimate account owners. As a result, the victims are forced to bear the financial burden of these fraudulent campaigns.

Facebook, a widely recognized social media platform, has become a popular channel for financial advertising. Business owners and marketers leverage this platform to promote their products and services to a vast network of potential customers.

Criminals take advantage of this platform as well. Rather than creating their own accounts, they hijack other people’s business accounts to run their advertising campaigns.

To compromise a victim’s account, they pose as advertising partners and marketing experts.

The messages used by the criminals to approach and establish contact with their future victim

The above photo is an example of the criminals’ approach. The language is mainly free of errors, and sometimes very high budgets are promised.

When the user clicks on the link, it will direct them to a zip file that is stored in the cloud. Within the zip file, there is a folder containing malicious code that can potentially harm the user’s device.

It is important to be cautious when opening any files from unknown sources to prevent any harm to your device.

Contents of the ZIP Bilder downloaded from the link in the message. Ten out of 11 files do not contain any malicious code.

When the victim opens the malicious file, the criminals get access on a silver platter and steal the cookies of the Facebook accounts.

With this access, the hackers exploit several things for themselves, such as creating fake stores, pushing malware downloads, and hijacking advertising campaigns using the payment information stored in the account, according to the G DATA Software report.

To stop an aggressive takeover of an account, you must do four things:

  • Do not stay permanently logged in
  • Use multi-factor authentication
  • Stay permanently skeptical of direct messages and unsolicited links
  • Use a password manager instead of the browser’s “remember password” feature


Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.