Screenshot of a fake Facebook login page used in a phishing attack exploiting Facebook’s URL redirect service to steal user credentials.

A new phishing campaign is targeting Facebook users with convincing emails that mimic official security alerts. These messages warn of unauthorized access or prompt users to verify their accounts, using Facebook’s branding and design to appear authentic. The emails are sent in multiple languages, increasing their reach and potential impact.


The attackers exploit Facebook’s external URL redirect service to mask malicious links, which lead victims to fake Facebook login pages. When users enter their credentials, the data—including email addresses, phone numbers, and passwords—is captured by the attackers. The fake page then displays an “Incorrect password” error, prompting users to re-enter their details and unknowingly provide valid login information.


This technique effectively bypasses link scanners and reduces user suspicion, making the phishing campaign particularly dangerous. The stolen credentials are stored on attacker-controlled servers for later use, posing a significant threat to Facebook users’ account security.
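A mail filter can counter the redirect masking described above by unwrapping the redirector link offline and judging the final destination rather than the first hostname. The following is an added example, not code from the campaign report or from Facebook; the redirector hosts, the `u` parameter, the trusted-domain list and all sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumptions (not from the article): redirector hosts and the query
# parameter that carries the destination, plus the domains we trust.
REDIRECTORS = {"l.facebook.com": "u", "lm.facebook.com": "u"}
TRUSTED_SUFFIXES = ("facebook.com", "fb.com", "meta.com")
MAX_HOPS = 5


def _host(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def unwrap(url):
    """Peel redirector layers without any network request."""
    for _ in range(MAX_HOPS):
        param = REDIRECTORS.get(_host(url))
        if param is None:
            return url                      # not a redirector: final hop
        targets = parse_qs(urlsplit(url).query).get(param)
        if not targets:
            return url                      # redirector page with no target
        url = targets[0]                    # parse_qs already percent-decoded it
    return ""                               # chain too deep: treat as unresolved


def is_trusted(host):
    # Match on a label boundary so "facebook.com.evil.example" does not pass.
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def classify(url):
    """Return (verdict, final_host) for one link taken from an email body."""
    final = unwrap(url)
    host = _host(final)
    if final != url and not is_trusted(host):
        return "suspicious-redirect", host  # trusted wrapper, untrusted target
    return ("trusted" if is_trusted(host) else "external"), host


if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://l.facebook.com/l.php?u=https%3A%2F%2Ffacebook.com.account-verify.example%2Flogin",
        "https://l.facebook.com/l.php?u=https%3A%2F%2Fwww.facebook.com%2Fhelp",
        "https://news.example.org/a",
    ]
    for link in samples:
        print(classify(link), link)
```
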
 
NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Z Plus Security.