SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

Kaspersky alerts businesses to complex Facebook scam

Yesterday

Kaspersky has revealed a new phishing scam targeting businesses using Facebook for promotional activities.

The scam involves emails sent to businesses, purporting to be from Meta for Business, that claim recipients' pages contain prohibited content and require explanations to avoid account suspension. The scammers' objective appears to be gaining access to users' business accounts.

The phishing emails began reaching users on 14 December, as seen in Kaspersky's anonymized data, with reports coming from organisations globally, including the Asia Pacific region. Examination of these emails reveals that the "From" field does not feature an official Facebook domain. Furthermore, these scam emails originate from various domains.
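A mail-filter check for the "From" mismatch described above, as an added example that is not Kaspersky's or Meta's code. The trusted-domain list, the brand terms and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy

# Assumption: domains treated as official senders; replace with your own verified list.
TRUSTED_DOMAINS = {"facebookmail.com", "facebook.com", "meta.com"}
# Assumption: display-name words that mean the mail claims to come from Meta (coarse match).
BRAND_TERMS = ("meta", "facebook")

def is_trusted(domain):
    """True for a trusted domain or a true subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def check_from(raw_message):
    """Return (verdict, display_name, domain) for one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None or not header.addresses:
        return ("suspicious", "", "")  # missing or unparseable From header
    sender = header.addresses[0]
    name = sender.display_name  # RFC 2047 encoded words are already decoded here
    claims_brand = any(term in name.lower() for term in BRAND_TERMS)
    if claims_brand and not is_trusted(sender.domain):
        return ("suspicious", name, sender.domain)
    # "ok" only means name and domain are consistent; a From header can be
    # forged, so SPF/DKIM/DMARC results still have to be evaluated separately.
    return ("ok", name, sender.domain)

# Constructed sample messages (reserved example domains, not real indicators).
SAMPLES = {
    "lookalike": "From: Meta for Business <notice@facebookmail.com.example.net>\n"
                 "Subject: Your page contains prohibited content\n\nbody\n",
    "encoded": "From: =?UTF-8?B?TWV0YSBmb3IgQnVzaW5lc3M=?= <team@mail.example.org>\n"
               "Subject: Account suspension notice\n\nbody\n",
    "consistent": "From: Facebook <security@facebookmail.com>\n"
                  "Subject: Login alert\n\nbody\n",
    "unrelated": "From: Alice <alice@example.org>\nSubject: Lunch\n\nbody\n",
    "no_from": "Subject: Account suspension notice\n\nbody\n",
}

def triage(samples):
    """Map each sample label to its verdict."""
    return {label: check_from(raw)[0] for label, raw in samples.items()}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_from(raw))
```

The suffix comparison is anchored on a leading dot so that a domain which merely begins with a trusted name, as in the first sample, is not accepted.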

The email directs recipients to Facebook Messenger, where a fake support team account seemingly validates the authenticity of the communication, creating a false sense of security. A small indicator shows that the account might be a fan page, but it can be overlooked in a stressful situation, when users are being accused of sharing forbidden content.

This scam is distinguished by its complexity: it replicates internal communication on the Facebook platform, unlike earlier scams, which accused users of copyright breaches and prompted responses via email.

Andrey Kovtun, Email Threats Protection Group Manager at Kaspersky, commented: "In 2025, we anticipate a rise in attacks leveraging social engineering and user trust in major platforms. Scams like this are becoming more sophisticated as attackers strive to mimic official services closely.

"Users must remain vigilant, verify the authenticity of messages, and avoid clicking on suspicious links. We strongly advise users not to engage with suspicious accounts and to activate additional security measures, such as two-factor authentication.

"If you receive such an email, report the incident to Facebook's support team and update your passwords immediately if any information has been compromised."

Previously, Kaspersky reported another phishing attempt to seize control of business accounts on Facebook.

Kaspersky advises users to employ two-factor authentication whenever possible, closely monitor notifications about suspicious login attempts, and ensure that all passwords are both strong and unique. Utilising a password manager to generate and store passwords is recommended. Users should verify the legitimacy of web addresses requesting account credentials to avoid entering passwords on counterfeit sites. Additionally, equipping all devices used for work with comprehensive protection can prevent the execution of malware and harmful browser extensions.
