This devious phishing campaign uses Facebook messages to trick its victims

A newly-discovered phishing campaign has been found using fake copyright infringement notices from Facebook to dupe users into giving away their account details.

According to analysts from cybersecurity firm Trustwave, these fake messages claim that the user will have their account deleted in 48 hours unless they fill out an appeal form to protect themselves. 

This appeal form then collects key personal data about the user, which can put the unwitting recipient at far greater risk of issues like ID theft.

How exactly does it work?

The phishing attack is delivered via an email to the recipient’s inbox, which contains a link to a real Facebook post.

The user is then redirected to a fake, custom-built Meta-branded customer support site.

This site collects the user’s real name, phone number, and address, which, combined with their IP address and location, are reportedly stored by the attacker and sent to a Telegram account over HTTPS.

Users are then reportedly directed to another fake page, where they are faced with a one-time password check that inevitably fails.

After this, if they choose to click on a pop-up reading “Need another way to Authenticate?”, they are redirected back to the real Facebook site.

Trustwave advises users to be careful if they receive copyright violation notices purporting to be from Facebook.

Facebook remains an extremely popular attack vector for would-be cybercriminals. 

In October, cybersecurity researchers uncovered a campaign known as “ducktail”.

Targeting businesses running Facebook advertising campaigns, “ducktail” installs malware on the victim’s machine, which then nabs valuable information such as crypto wallet addresses.