Researchers at Abnormal Security have released details pertaining to a phishing campaign targeting Facebook users. The phishing campaign aims to steal passwords to the popular social media platform. Researchers state that the phishing emails claim to be coming from Facebook employees and warn that the account might be disabled or removed due to content violations. The victim is asked to appeal the report by clicking on a link embedded in the email, which leads the target to a Facebook post. Part of the fake appeals process includes asking users to provide sensitive information, such as password, name, and email address.
All of the information the target puts into the phishing page is harvested by the attacker, who can then use it to login to a victim’s Facebook page and potentially logs them out of it. If the password is used on any other sites, the attackers can leverage the credentials and break into other accounts. Phishing accounts like this one are successful because they create a sense of urgency.
Read More: This sneaky phishing attack tries to steal your Facebook password
