Cofense Report Details Phishing Campaign Targeting Meta Business Accounts
May 2024 by Cofense
Cofense released a report detailing a complex phishing campaign spoofing Meta using violations of standards and copyright infringement to bypass multi-factor authentication (MFA) to steal business accounts.
Key findings include:
• These phishing emails, appearing to originate from Meta, claim that the account violated a policy or infringed on a copyright, putting followers of Meta business accounts at risk of malicious ad campaigns.
• Cofense has discovered a comprehensive toolkit enabling threat actors to create malicious links, verify if they are active threats, generate emails, and perform other additional tasks.
• Cofense has identified a high number of these emails in enterprise environments that are protected by Secure Email Gateways (SEGs).
• Based on Credential Phishing emails that Cofense has seen in 2024, Meta ranks second amongst the top spoofed brands, trailing only Microsoft.