Cybercriminals are using targeted phishing attacks to obtain the administrator passwords of Facebook pages of several businesses and organizations. Potential victims include both small and large pages with tens of thousands of followers.
If a phishing attack is successful, the organization can lose a lot of money; not only that, they can also lose access to their pages!
The scam involves an attacker trying to lure admins to a login page that appears to be a Facebook login page, trying to scare them into verifying their account; if they don't confirm their account, they will have their privileges suspended.
The attack can be dangerous because if a site administrator gives out their details, they would soon be banned from their site. They would be flooded with either further phishing attacks or unsolicited advertising.
And this is a severe reputational risk, similar to having your company or organization's website hacked. There's not just a risk of loss of reputation; there's also a risk of financial damage and privacy issues if customers' data were compromised.
Fake phishing alerts are sent to admins in an official-looking Facebook notification, and the affected page is also included. The wording tries to look formal, but strange spelling issues can be revealing.
Tips to Keep Your Facebook Account
- Strong Password and Multifactor Authentications a must!
- Don't you be tricked by any message that may threaten to block or suspend your account.
- Don't open any suspicious links from an email; instead, head directly to your admin page and check for issues there.
- Check your page security settings and make sure your admin and user accounts are configured the safest way possible!
Facebook Security Center: