Facebook pages targeted: new phishing campaign

Social media pages are increasingly the object of interest by actors interested in taking possession of them. This interest can have different purposes, for example:

• hijacking them for ransom
• using them to spread scams, scams or other illegal content
• launching marketing campaigns with promotional tools

In these early days of January 2024, we spotted a first campaign contacting several Facebook pages with the following message:

This is a scam that leads the moderator or administrator of the page to click on the link.

We advise everyone not to click on the link under any circumstances!

If you click on the link, you will inadvertently be redirected to a page whose purpose is to obtain access data for your Facebook page.

• never use links provided by strangers: use your favourites, the functions of the application or site
• make sure you have two-factor authentication (2FA) enabled for your account (normally found in your account settings)
• check that there are no other moderators/administrators in the page and/or campaign settings: if there are unauthorised or no longer involved people, remove them
• a further security tool is certainly security software on your computer (in this case an antivirus is not sufficient, as the campaign is phishing)

When in doubt

If you have doubts or misgivings, contact someone you trust through channels you usually use.

Unfortunately, social platforms (Meta, X, etc.) provide little or no support to their users, even in these cases. Losing your page could have profound and discouraging impacts, especially if you use it for work or promoting your business.

Wary, unfortunately, is the safest course.