Facebook, the world’s leading social media platform, has become the subject of a new phishing campaign that has targeted over 12,000 email addresses across hundreds of businesses, reveals the latest research from Check Point Research (CPR).
This campaign, which began around December 20th, 2024, primarily focuses on companies within the EU, the US, and Australia. However, some instances have also been detected in Chinese and Arabic, indicating a global reach.
Reportedly, scammers are leveraging Salesforce’s automated mailing service to distribute these deceptive emails without manipulating the sender ID, so the emails appear to originate from [email protected], lending a sense of authenticity to the operation.
These emails carry counterfeit Facebook logos and falsely accuse recipients of copyright infringement. In a sample email screenshot shared by the researchers, the attackers cite the unauthorized use of copyrighted music owned by Universal Music Group as the issue.
According to CPR’s report, recipients are then threatened with account restrictions, including limitations on posting, live streaming, or advertising, unless they contest the claim within a short timeframe.
The deception continues with a fraudulent Facebook support page. The email includes a link to this page, where unsuspecting victims are prompted to enter their login credentials. The page is designed to extract sensitive information, falsely claiming that these details are necessary for an account review rather than disablement.
The landing page itself mimics the legitimate Facebook interface as shown in the screenshot. It features an “Account Overview” section with details of a supposed “Account Restriction.” It falsely claims the user is “not allowed to use Meta Products to advertise” due to non-compliance with Advertising Standards. The page includes fake options to “Request a review” and “Unlock advanced features,” further enticing victims to provide their credentials.
![Scammers Use Fake Facebook Copyright Notices to Hijack Accounts](https://hackread.com/wp-content/uploads/2025/02/new-facebook-copyright-infringement-phishing-campaign-targets-businesses-2.png)
This campaign threatens Facebook-dependent businesses worldwide by allowing cybercriminals to control their admin accounts, alter content, manipulate messaging, delete posts, and modify security settings. This can lead to negative consequences such as client trust erosion, customer attrition, and potential legal actions. For businesses in regulated industries like healthcare and finance, breaches can result in non-compliance, fines, and legal challenges, researchers noted.
It is worth noting that Facebook is often targeted in copyright infringement-based scams. Last year, Hackread reported a sophisticated scam targeting Meta business owners, claiming their page would be permanently deleted due to a post allegedly infringing on trademark rights, forcing them to click on malicious links under the guise of resolving policy violations.
Therefore, organizations should implement a clear incident response plan, including steps for recovering compromised accounts, setting up alert systems for suspicious logins and unusual account activity, and training employees to verify Facebook account page status. These strategies can significantly reduce vulnerability to the campaign.
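Because the emails in this campaign come from a genuine mailing-service address, a mail-filter rule has to look at content rather than the sender. The following heuristic is an added example, not part of CPR's report or the original article: it flags messages that invoke the Facebook brand and a restriction lure while linking to hosts outside an assumed allowlist. The allowlist, lure terms, sample messages and the `mailer.example` sender are all constructed for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Assumed allowlist of hosts a genuine Facebook/Meta notice would link to.
TRUSTED_SUFFIXES = ("facebook.com", "meta.com", "fb.com")
# Wording of the lure as described in the article (copyright claim, restriction).
LURE_TERMS = ("copyright", "infring", "restrict", "request a review")
BRAND_RE = re.compile(r"\b(facebook|meta)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

def is_trusted(host):
    """True only for a trusted domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def assess(raw_email):
    """Flag mail that invokes the Facebook brand and a restriction lure
    but links somewhere other than the trusted hosts."""
    msg = message_from_string(raw_email, policy=policy.default)
    bodies = [p.get_content() for p in msg.walk()
              if p.get_content_maintype() == "text"]
    text = "\n".join([msg.get("Subject", "")] + bodies)
    hosts = {urlparse(u).hostname for u in URL_RE.findall(text)}
    untrusted = sorted(h for h in hosts if h and not is_trusted(h))
    lure = [t for t in LURE_TERMS if t in text.lower()]
    suspicious = bool(BRAND_RE.search(text)) and bool(lure) and bool(untrusted)
    return {"suspicious": suspicious, "lure_terms": lure, "untrusted_hosts": untrusted}

# Constructed samples. The sender is a placeholder for a legitimate mailing
# service, so sender-based checks alone would not flag the first message.
PHISH = """From: Facebook Support <noreply@mailer.example>
Subject: Copyright infringement notice for your Facebook Page
Content-Type: text/plain; charset=utf-8

Your page used copyrighted music. Your account will be restricted unless
you request a review: https://facebook.com.account-review.example/appeal
"""
BENIGN = """From: Facebook <notification@mailer.example>
Subject: Your weekly Facebook Page summary
Content-Type: text/plain; charset=utf-8

See your page insights at https://www.facebook.com/business/insights
"""

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(name, assess(raw))
```

The suffix match treats `facebook.com.account-review.example` as untrusted because only the end of the hostname decides ownership, which is the detail employees are most likely to misread in a link.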