A report by Cofense examines the inner workings of a sophisticated phishing campaign, one that can bypass multi-factor authentication (MFA) in order to target Meta business accounts. The report reveals the existence of a cybercrime toolkit allowing malicious actors to create links, emails and other deployable tools. Currently, this campaign can create phishing emails in various languages, directed at 19 countries.
These emails appear to originate from Meta, claiming that the targeted account infringed upon copyright or violated another rule. If the campaign succeeds, then the followers of the targeted business account may be at risk of targeted attacks such as malicious ads.
Key findings from the report include:
- Based on credential phishing emails in 2024, Meta is the second most spoofed brand. The most spoofed brand is Microsoft.
- A notable number of these phishing emails are in enterprise environments protected by secure email gateways (SEGs).
- The infrastructure involved in the campaign includes the ability to create Netlify App links, a tool that checks if links are live, a list of indicators of compromise and data on targets/financial profits.