According to a team of security researchers, there is an ongoing cybercriminal campaign targeting marketing and HR professionals with malware in order to hijack their Facebook Business accounts. The threat, originating in Vietnam, appears to be driven solely by financial motives.
The scam works by using LinkedIn to target employees who may have high-level access to Facebook Business accounts. The cybercriminals then whittle down their field of potential targets to avoid drawing suspicion, and convince those who remain to download a legit-seeming file from a cloud server. Of course, once this file is downloaded, it unleashes malware that can completely take control of the victim's Facebook account.
“The recipient — in this case, the threat actor — then interacts with the emailed link to gain access to that Facebook Business. This mechanism represents the standard process used to grant individuals access to a Facebook Business, and thus circumvents security features implemented by Meta to protect against such abuse,” security researcher and malware expert Mohammad Kazem Hassan Nejad said.
For its part, Facebook says that it is aware of these scammers and that it “regularly enforces” against them. But despite the company’s assurances, it’s always a good idea to be careful what links you interact with on the platform — and what you download from a stranger.