New Copyright Infringement Phishing Hijacks Your Facebook Account

A new phishing campaign exploiting Facebook’s brand has been discovered, targeting businesses and individuals worldwide.

Research by Check Point Software Technologies reveals that this campaign, active since December 20, 2024, has sent over 12,279 phishing emails to enterprises primarily in the European Union (45.5%), the United States (45.0%), and Australia (9.5%).

The attack also extends to other regions, with versions of the phishing emails appearing in Chinese and Arabic, highlighting its global scope.

The campaign uses Salesforce’s automated mailing service to distribute fraudulent emails without breaching its security protocols.

These emails are branded with the sender ID “noreply@salesforce.com,” lending them an air of legitimacy.

The emails falsely claim that recipients have violated copyright laws and include Facebook’s logo to further deceive users.

Recipients are directed to a counterfeit Facebook support page designed to harvest their credentials under the guise of account verification.
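The combination described above (a trusted sending domain, Facebook branding in the content, a copyright-violation threat, and a link that leaves the Facebook domain) is what a mail-triage rule should key on. The check below is an added example written for this article, not code from Check Point, Facebook or Salesforce. It assumes a small allow-list of Facebook sending domains (FACEBOOK_DOMAINS) that a real deployment would maintain itself, and it runs over two constructed sample messages; the link domain in the first sample is a placeholder, not a real campaign URL.

```python
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains that may legitimately send or host Facebook account notices.
# Assumption for this example; an organisation would keep its own allow-list.
FACEBOOK_DOMAINS = ("facebook.com", "facebookmail.com", "meta.com")

# Lure phrases typical of the copyright-violation pretext described in the article.
LURE_PATTERNS = (
    re.compile(r"copyright\s+(?:infringement|violation)", re.I),
    re.compile(r"(?:account|page)\s+(?:will be|has been)\s+(?:disabled|suspended|removed)", re.I),
)

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def _domain_matches(host: str, domains=FACEBOOK_DOMAINS) -> bool:
    """True if host is one of the allow-listed domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def _body_text(msg: Message) -> str:
    """Concatenate the decoded text/plain and text/html parts of a message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw_email: str) -> dict:
    """Return the signals of the Facebook copyright lure found in one raw RFC 822 message."""
    msg = message_from_string(raw_email)
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2]
    text = f"{msg.get('Subject', '')}\n{_body_text(msg)}"

    lure_hits = [p.pattern for p in LURE_PATTERNS if p.search(text)]
    links = [u.rstrip(".,);") for u in URL_RE.findall(text)]
    offbrand_links = [u for u in links if not _domain_matches(urlparse(u).hostname or "")]

    signals = {
        "mentions_facebook": "facebook" in text.lower(),
        "sender_off_brand": not _domain_matches(sender_domain),
        "lure_hits": lure_hits,
        "offbrand_links": offbrand_links,
    }
    # Flag only when brand, pretext and destination all disagree with each other:
    # Facebook is named, a copyright/suspension threat is made, the message did
    # not come from a Facebook domain, and its link leads somewhere else.
    signals["flagged"] = (
        signals["mentions_facebook"]
        and signals["sender_off_brand"]
        and bool(lure_hits)
        and bool(offbrand_links)
    )
    return signals


# Constructed sample modelled on the lure described in the article (not a real campaign message).
PHISH_SAMPLE = """\
From: "Facebook Support" <noreply@salesforce.com>
To: admin@example.com
Subject: Copyright Infringement Notice - Action Required
Content-Type: text/plain; charset="utf-8"

Your Facebook page has been reported for copyright infringement.
Your page will be disabled unless you verify your account within 24 hours:
https://support-verify.example.net/appeal/verify.
"""

# Constructed benign message from the same sending service: Facebook is named,
# but there is no threat and the only link stays on facebook.com.
BENIGN_SAMPLE = """\
From: "Acme Marketing" <noreply@salesforce.com>
To: admin@example.com
Subject: Your weekly Facebook ad performance summary
Content-Type: text/plain; charset="utf-8"

Reach was up 12% this week. Full report: https://www.facebook.com/adsmanager
"""

if __name__ == "__main__":
    for name, raw in (("phish", PHISH_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, triage(raw))
```

The rule deliberately requires all four signals at once: a message from a third-party mailer that merely mentions Facebook (the benign sample) is not flagged, while a copyright threat that points off-brand is, regardless of how legitimate the sending service looks.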

Figure: Cyber criminal landing page with embedded credential harvesting technology

Credential Harvesting

The phishing emails lead victims to a fake landing page that mimics Facebook’s support interface.

This page prompts users to input sensitive login details, which are then captured by cybercriminals.

Businesses that rely on Facebook for advertising, customer engagement, or as an online storefront are particularly vulnerable.

A compromised Facebook admin account can result in unauthorized access to business pages, allowing attackers to manipulate content, delete posts, or lock out legitimate administrators by altering security settings.

Business Risks

According to Check Point's research, the consequences of such breaches extend beyond operational disruptions.

Clients may lose trust in the affected business, perceiving it as negligent in safeguarding their data and interactions.

This erosion of trust can lead to customer attrition or even legal action.

For organizations in regulated industries like healthcare or finance, such incidents could result in non-compliance penalties and reputational damage.

To counter this threat, businesses are advised to implement proactive measures.

Setting up alerts for suspicious logins or unusual activity can help detect unauthorized access early.

Employee education is critical: Facebook administrators should be instructed never to click on links within emails claiming to originate from Facebook, but instead to verify account status directly on the platform itself.

Businesses should also inform customers about legitimate communication practices to prevent them from falling victim to phishing scams post-account compromise.

Additionally, organizations should maintain a robust incident response plan detailing steps for recovering compromised accounts and communicating transparently with affected customers if necessary.

These measures can help mitigate the impact of phishing attacks and safeguard both organizational assets and customer trust in an increasingly targeted digital landscape.
