SECURITY
SECURITY
SECURITY
‘Meta-Phish’ campaign leverages Facebook for phishing attacks
Researchers at Trustwave Holdings Inc.’s SpiderLabs today detailed a new campaign that leverages Facebook infrastructure for phishing attacks and the theft of personally identifiable information.
Dubbed “Meta-Phish,” the campaign starts with phishing emails that point to actual Facebook posts instead of the typical malicious phishing link. The content on Facebook is crafted to appear legitimate, complete with a dummy “Page Support” profile with the Facebook logo as its display picture.
The message contains a copyright violation message that at first glance looks legitimate, but the link provided leads to an external page that mimics Facebook’s copyright appeal page.
Users, having been tricked so far into thinking this is all legitimate, are asked to enter details onto the page with any information stolen the moment they hit the send button. In addition, the attackers receive the victim’s IP and geolocation information. The information stolen is sent to a Telegram account via a Telegram Bot application programming interface using HTTPS.
Victims who have gotten this far into the scam are then redirected to a new phishing page and presented with a fake One Time Password Check. Any value the users enter leads to an error message with a popup that reads, “Need another way to Authenticate?” If users click “Get Code,” they are then redirected to Facebook to log in.
Most of the URLs used in the campaign use free web hosting sites or short URL services that redirect to the destination phishing site. Some alternatively use newly registered domains that are not affiliated with Facebook or Instagram.
The researchers do not note how widespread the phishing campaign is but instead point to posts and pages used in the campaign that can easily be found on Facebook by typing in “appeal form” in the search box. SiliconANGLE tested this theory and discovered dozens of fake accounts named Appeal Form (pictured), suggesting that the campaign is highly active.
Users are advised to be extra-careful when receiving alleged violation notices from Facebook and should not be fooled by the apparent legitimacy of the initial links.
Image: Facebook/SiliconANGLE
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
