According to security researchers at Avanan, attackers are using the power of Facebook’s branding to craft emails that seem to be legitimate Facebook Ads Manager communications. The attackers are seeking credentials and attempt to lure targets into giving up logins and credit card information under the guise of Facebook ads. Avanan released a report on Tuesday addressing the attack. The attackers convey urgency and masquerade as official communications from the AdManager team. The messages claim that the victim is not complying with company ad policies and threatens to disable the account.
The phishing messages give the target an opportunity to appeal, and state that the account will be shut down if they do not. The appeal form link takes the user to a credential harvesting site that collects passwords and credit card information. One aspect of the campaign is that the attackers are leveraging the legitimate Facebook ads system to create lead-generation forms with malicious intent. Therefore, the malicious site is not hosted on a sketchy IP and fools automated software checks used by messaging platforms.
Read More: Cyberattackers Abuse Facebook Ad Manager in Savvy Credential-Harvesting Campaign