Popular social media platforms continue to make headlines, whether for poor cybersecurity practices or for the risk users face of being breached on a particular platform. Twitter, TikTok and now Facebook. The latest phishing campaign uses Facebook posts to trick users into sharing account credentials and other personal information. This blog will explain this new phishing strategy and what it means for businesses’ email security.
A Facebook Phishing Attack Strategy
How does it work? Hackers send fraudulent emails to users pretending to be Facebook. The emails claim to report a copyright infringement on a recipient’s Facebook post. The false warning tells the user their account will be deleted within 48 hours unless they file an appeal.
The attackers rely on the familiar scare tactic of a tight deadline, in this case ‘act now, or your account will be deleted.’ The deadline is meant to create fear and urgency so the user acts before thinking, which is what turns the message into a successful compromise.
Furthermore, the ‘appeal’ link points to a genuine Facebook post rather than to an attacker-owned site. Because the link’s domain is legitimate, it passes email security filters that would block a suspicious domain, and the phishing message reliably reaches the target’s inbox.
Why Aren’t These Posts Flagged?
This latest phishing scheme follows a popular tactic of using URL shorteners for linking. You may be familiar with regularly used link shorteners, such as Bitly. Marketers and others commonly use these to shorten long URLs, such as blog links. Hackers exploit that familiarity so victims see nothing unusual, while the shortened link hides the real destination from both the reader and Facebook’s automated checks, helping the post evade being flagged and removed.
Victims of the scheme land on these compromised Facebook posts from either phishing emails or instant messages sent via Facebook.
Improve Your Email Security
Attacks on powerhouses like Facebook have many businesses questioning their own email security practices. When it comes to advanced phishing schemes and email security best practices, there are a few simple steps your business can follow to make sure your email is properly protected.
- Never click unknown links in an email. Always confirm the sender via phone call first.
- Never download unknown attachments from an email. Always confirm the sender first.
- Check the sender’s email address. Most reputable companies send from their own domain (“@companyname.com”) rather than a free webmail address such as “@gmail.com”. A brand name in the display name paired with an unrelated sender domain is a strong clue to a phishing email.
- Upgrade to an email security solution with advanced threat protection. Ask us if you have questions about the best options.
- Educate employees with regular user training to identify the signs of a malicious email and report attempted attacks.
- Implement organization-wide use of multi-factor authentication to prevent account compromise.
- Move high-risk processes and transactions to more authenticated systems. Never share passwords or other sensitive data over email.
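The two clues discussed above, a sender address that does not match the brand named in the display name and a shortened link that hides the real destination, can be checked automatically before a message reaches a user. The script below is an added example written for this post, not code from Clarity Technology Group or from any email security product. It scores a message on four signals: display-name brand versus sender domain, a freemail sender domain, the use of a URL shortener in the body, and deadline-style urgency wording like the “48 hours” lure. The freemail and shortener lists, the urgency patterns, and the sample messages are constructed for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed lists (assumptions for this example): a real deployment would
# maintain these from its own threat intelligence and mail logs.
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
# Deadline / account-loss phrasing of the kind described in the post.
URGENCY_PATTERNS = [r"\b\d+\s*hours?\b", r"\bdeleted\b", r"\bsuspend", r"\bact now\b"]

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def sender_domain(from_header):
    """Split a From: header into (display name, lower-cased address domain)."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name, domain


def brand_mismatch(from_header, brand="facebook"):
    """True when the display name claims the brand but the address is not on the brand's domain."""
    name, domain = sender_domain(from_header)
    claims_brand = brand in name.lower()
    on_brand_domain = domain == f"{brand}.com" or domain.endswith(f".{brand}.com")
    return claims_brand and not on_brand_domain


def shortened_links(body):
    """Return every URL in the body whose host is a known URL shortener."""
    return [u for u in URL_RE.findall(body) if urlparse(u).hostname in SHORTENER_HOSTS]


def urgency_hits(body):
    """Return the urgency phrases found in the body."""
    hits = []
    for pattern in URGENCY_PATTERNS:
        hits.extend(m.group(0) for m in re.finditer(pattern, body, re.IGNORECASE))
    return hits


def score_message(from_header, body, brand="facebook"):
    """Collect the reasons a message looks like a brand-impersonation phish; score is their count."""
    reasons = []
    _, domain = sender_domain(from_header)
    if brand_mismatch(from_header, brand):
        reasons.append("display name claims brand but sender domain does not match")
    if domain in FREEMAIL_DOMAINS:
        reasons.append("sender uses a free webmail domain")
    if shortened_links(body):
        reasons.append("body contains a URL-shortener link")
    if urgency_hits(body):
        reasons.append("body uses deadline / account-loss urgency wording")
    return {"score": len(reasons), "reasons": reasons}


def is_suspicious(from_header, body, brand="facebook", threshold=2):
    """Flag a message when at least `threshold` independent signals fire."""
    return score_message(from_header, body, brand)["score"] >= threshold


# Constructed sample messages (not real mail).
PHISH_FROM = "Facebook Support <support@gmail.com>"
PHISH_BODY = ("Your post violates a copyright. Your account will be deleted "
              "within 48 hours unless you file an appeal: https://bit.ly/3abcXYZ")
BENIGN_FROM = "Facebook <notification@facebook.com>"
BENIGN_BODY = "Someone commented on your post: https://www.facebook.com/example/posts/1"

if __name__ == "__main__":
    for label, hdr, body in (("phish", PHISH_FROM, PHISH_BODY), ("benign", BENIGN_FROM, BENIGN_BODY)):
        result = score_message(hdr, body)
        print(label, result["score"], result["reasons"])
```

The score is deliberately a count of independent clues rather than a single rule: a legitimate notification may use a shortener, and a legitimate security notice may mention a deadline, but a message that combines a freemail sender, an impersonated display name, a shortened link and a deadline should be quarantined for review. A mail gateway would apply the same logic after the usual authentication checks (SPF, DKIM, DMARC) on the sending domain.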
Cybersecurity Best Practices
At Clarity Technology Group, we strive to achieve best practices across the spectrum regarding cybersecurity. Our priority is to be proactive for all our clients, offering innovative and specialized solutions depending on your industry and business size. If you would like to talk with a member of our team about what we can provide your business, please get in touch with us here.