Phishing Alert, Hackers Take Advantage Of Facebookmail.com's Official Domain To Attack SMEs

Illustration of hackers doing phishing with the official domain of Facebook (photo: dock. unsplash)

JAKARTA Check Point, a cybersecurity company, revealed that there is a large-scale phishing campaign that utilizes the Meta Business Suite feature. This campaign exploits the domain of Facebookmail.com.

Hackers are known to use the official domain to deploy very convincing false notifications. From the results of Check Point monitoring, more than 40,000 phishing emails have been distributed to more than 5,000 subscribers.

Despite being distributed to many countries, the main targets of this attack are the US, Europe, Canada and Australia. Hackers focus on attacking industries that rely heavily on Facebook advertising, such as automotive, real estate, and finance.

The attack began when cybercriminals created fake Facebook Business pages. This page is modified with a logo and name that resembles the official Facebook brand. Then, they use the Business invitation feature to send malicious emails.

Check Point said that this phishing campaign was very dangerous because, "hid behind the legitimate Facebook infrastructure, they immediately gained credibility." Hackers also managed to get their emails urging customers.

For example, they send emails with subjects, required Actions: You Are Invited to Join Free Ad Credit Program. They also sometimes add the phrase 'Necessary Account Verification' to the subject'.

Once clicked, the link will direct the victim to a phishing site hosted in a domain like vercel.app. This fake site is designed to steal incoming credentials and other sensitive information. The main targets are small and medium enterprises (SMEs) that often receive genuine business notifications.

To avoid this phishing method, brands or organizations need to train employees to question unusual requests, even from sources that appear to be trusted. In addition, activating multifactor authentication (MFA) is very important at this time.