This article discusses a sophisticated phishing campaign targeting users of Meta Business accounts, utilizing fake alerts claiming advertising violations. The deception is heightened by the use of a fake chat support system that guides users to input sensitive account information. Immediate caution is advised for businesses relying on social media for marketing.
Affected: Meta Business accounts, Instagram users, online advertisers
Key points:
- Businesses receive phishing emails claiming their ads are suspended due to violations.
- The email prompts users to click a link for resolution, redirecting them to a fraudulent page.
- The attacker impersonates Meta support through fake chatbots to capture user information.
- Phishing methods include fake tech support and a guide for adding Two-Factor Authentication (2FA).
- The campaign mimics legitimate communications, making detection difficult for users.
- Victims are encouraged to provide sensitive account details, including screenshots.
- Users must be vigilant about verifying the legitimacy of such communications.
MITRE Techniques:
- Phishing (T1566): Attackers use fraudulent emails to trick users into revealing credentials.
- Credential Dumping (T1003): The phishing campaign aims to capture usernames and passwords.
- User Execution (T1203): Users are manipulated into clicking malicious links, triggering exposure of their credentials.
Indicators of Compromise:
- [URL] hXXps://businesshelp-manager[.]com
- [URL] hXXps://link[.]engagezc[.]com/b/DthfdUh51xpmxoZc44di0w
- [IP Address] 44[.]238[.]235[.]140
- [IP Address] 44[.]239[.]125[.]1
- [IP Address] 172[.]67[.]205[.]110
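One way to hunt for these indicators in web-proxy logs, as an added example that is not part of the original report. The function names, the five-field log format and the sample log lines are assumptions made for illustration. URL indicators that carry a path are matched on host plus path, and IP-only matches are reported as low confidence.

```python
import re
from urllib.parse import urlsplit
# Indicators as listed above, still defanged; refang() undoes that for matching.
IOCS = """[URL] hXXps://businesshelp-manager[.]com
[URL] hXXps://link[.]engagezc[.]com/b/DthfdUh51xpmxoZc44di0w
[IP Address] 44[.]238[.]235[.]140
[IP Address] 44[.]239[.]125[.]1
[IP Address] 172[.]67[.]205[.]110"""

def refang(value):
    return re.sub(r"^hxxp", "http", value.replace("[.]", "."), flags=re.I)

def load_iocs(text):
    hosts, urls, ips = set(), set(), set()
    for kind, value in re.findall(r"\[(URL|IP Address)\]\s+(\S+)", text):
        u = urlsplit(refang(value))
        if kind == "IP Address":
            ips.add(refang(value))
        elif u.path.strip("/"):
            # Host may be a shared link service (assumption): match host+path only.
            urls.add((u.hostname, u.path.rstrip("/")))
        else:
            hosts.add(u.hostname)
    return hosts, urls, ips

def scan(log_lines, iocs):
    """Return (line_no, user, confidence, reason) per matching request."""
    hosts, urls, ips = iocs
    hits = []
    for n, line in enumerate(log_lines, 1):
        _ts, user, dest_ip, _method, url = line.split()
        u = urlsplit(url)
        host = u.hostname or ""
        if host in hosts or any(host.endswith("." + h) for h in hosts):
            hits.append((n, user, "high", "host"))
        elif (host, u.path.rstrip("/")) in urls:
            hits.append((n, user, "high", "url"))
        elif dest_ip in ips:  # an IP can front unrelated sites: triage needed
            hits.append((n, user, "low", "ip"))
    return hits

# Constructed proxy log, "<time> <user> <dest_ip> <method> <url>" (assumed format).
SAMPLE_LOG = [
    "2025-01-01T09:00:01Z alice 203.0.113.10 GET https://example.com/",
    "2025-01-01T09:02:11Z bob 198.51.100.7 GET " + refang("hXXps://businesshelp-manager[.]com") + "/help",
    "2025-01-01T09:03:40Z carol 198.51.100.8 GET " + refang("hXXps://link[.]engagezc[.]com") + "/b/other",
    "2025-01-01T09:04:02Z dave 198.51.100.8 GET " + refang("hXXps://link[.]engagezc[.]com/b/DthfdUh51xpmxoZc44di0w"),
    "2025-01-01T09:05:30Z erin " + refang("172[.]67[.]205[.]110") + " GET https://unrelated.example/",
]
```

Calling `scan(SAMPLE_LOG, load_iocs(IOCS))` flags the requests from bob, dave and erin; carol's request to a different path on the link host is deliberately not flagged.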
Full Story: https://cofense.com/blog/clickbait-to-catastrophe-how-a-fake-meta-email-leads-to-password-plunder