Meta is the second most commonly imitated brand for credential phishing

Meta is the second most commonly imitated brand for credential phishing

A recent report by Cofense delves into the intricate details of a sophisticated phishing campaign designed to circumvent multi-factor authentication (MFA) in order to target Meta business accounts. The report uncovers the existence of a cybercrime toolkit that enables malicious actors to craft links, emails, and other deployable tools. This campaign is currently capable of generating phishing emails in multiple languages aimed at 19 different countries.

These emails masquerade as originating from Meta, alleging that the targeted account has infringed upon copyright or violated other regulations. Should the campaign be successful, followers of the targeted business account may be susceptible to targeted attacks, such as malicious advertisements.

Notable findings from the report comprise the following:

  • According to 2024 data on credential phishing emails, Meta ranks as the second most spoofed brand, with Microsoft claiming the top spot.
  • A substantial portion of these phishing emails within enterprise settings are shielded by secure email gateways (SEGs).
  • The infrastructure utilized in the campaign encompasses the capability to generate Netlify App links, a tool for verifying link viability, a compiled list of indicators of compromise, and data regarding targets and financial gains.

Post Your Comment

Subscribe Our Newsletter

We hate spam, we obviously will not spam you!

Services
  • Security Analysis
  • Penetration Testing
  • Thread Detection
  • 360 Protection
Use Cases
  • Website Security
  • AppSec
  • Case Studies
  • Integrations
Opportunities
  • Partnerships
  • Software Suite
  • Careers
Resources
Support
  • Support
  • Contact Us
  • About Us
  • Partnerships
Get in Touch
Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC

Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC