Yesterday, we intercepted a phishing email purporting to be from eBay, informing recipients that key features of their account had been disabled until their identity could be verified.
Following this email, another variant of this phishing email has been detected – this time spoofing Facebook. Detected earlier this morning (AEST), the email is highly similar to the one supposedly from eBay in terms of style and content.
The email infiltrated Australian inboxes using the display name ‘Facebook’ with a domain to match and a subject beginning with the words ‘Account banned’. It begins its body by thanking recipients for ‘posting on Facebook’. It then goes on to say that that their ‘posting privileges’ have been temporarily ‘restricted’ because of several complaints on the nature of content that has been posted on their profile in the past.
The email then requests the recipient to aid in verifying their identity by providing scanned copies of valid IDs such as their Driver's Licence, Passport etc. It details a list of 4 steps on how to do so, along with information on what will happen after recipients have submitted the documents.
Here's a screenshot of the email:
This is a phishing email designed to harvest users’ confidential data for illicit purposes such as identity theft.
Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not respond to it.
This email scam exploits the trusting relationship Facebook’s large database of users hold with the well-established brand. By claiming to disable such a key feature of the platform, cybercriminals behind the scam aim to spark panic and concern among recipients, motivating them to rectify the situation as soon as possible. Several techniques have also been employed to boost the legitimacy of the email, such as a convincing sender domain and the incorporation of Facebook’s logo in the beginning of the email. In addition, cybercriminals behind this scam have also included information on what happens after recipients reply to this email. By stating that respondents will ‘receive an email confirmation’ acknowledging that their ‘account has been confirmed’, cybercriminals aim to boost the email’s authenticity as such standard follow-up action is expected of a well-established company such as Facebook.
Despite this, several red flags appear in the email that would make any eagle-eyed recipient conscious of its in-authenticity. These include grammatical errors such as ‘Selfie photo of you holding the passport’ as well as spacing issues.
If you have received this email, report it to phish@fb.com or through the report links that appear throughout Facebook. More information can be found on Facebook’s Help Centre.
MailGuard also detected another phishing email scam purporting to be from Facebook last week.
To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:
- Appear to be from a well-known organisation, typically a bank or service provider and are not addressed to you by name and may include poor grammar.
- Ask you to click on a link within the email body in order to access their website. If unsure call the company directly and ask whether the email is legitimate
- Offer money, reward or gift to entice you to hand over your personal details
- Ask you to submit personal information that the sender should already have access to or should not be requesting from you in the first place
One email
Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside.
All criminals need to break into your business is a cleverly worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.
Talk to an expert at MailGuard today about making your company's network secure: click here.
Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:
