Illicit Facebook notices fuel international credential phishing campaign

Almost 40,000 phishing emails have been delivered to over 5,000 businesses using Facebook ads in the U.S., Canada, Europe, and Australia as part of a new attack campaign aimed at pilfering credentials and other sensitive data, The Register reports.

Threat actors crafted fake Facebook Business pages and exploited the Business invitation feature to send malicious notifications that appeared to come from Meta, according to Check Point Research. The notifications carried account verification and other lures aimed at redirecting targets to credential phishing websites. While the finance, hospitality, education, real estate, and automotive sectors have been subjected to the attack, most of the illicit emails have been aimed at small and midsize businesses.

"This campaign underscores a growing trend where cyber criminals weaponize legitimate services to gain trust and bypass security controls. While the volume of emails may suggest a spray-and-pray approach, the credibility of the sender domain makes these phishing attempts far more dangerous than ordinary spam," said researchers.
