Ethical Hacking News
Phishing Expedition Targets 5K Facebook Advertisers: A Sophisticated Campaign to Steal Credentials and Sensitive Information
A recent phishing campaign targeting over 5,000 businesses using Facebook for their advertising needs has been uncovered by Check Point researchers. The attack involved tens of thousands of phishing emails sent from legitimate domains, with the goal of stealing user credentials and sensitive information. As the use of Meta platforms becomes increasingly prevalent in customer engagement across various industries, such campaigns underscore a growing trend where cyber criminals weaponize established services to bypass security controls.
Check Point researchers detected a massive phishing expedition targeting over 5,000 businesses using Facebook for advertising. The campaign sent tens of thousands of phishing emails from the legitimate facebookmail.com domain to steal credentials and sensitive information. The attackers used fake Meta notifications and created shell Facebook Business pages to bypass security filters and appear more convincing. Targeted industries, including automotive, education, real estate, hospitality, and finance, were particularly vulnerable due to their reliance on Meta platforms. Larger companies were targeted, with one receiving over 4,200 phishing emails, but fewer were affected due to advanced security measures and better email filtering capabilities. Cyber criminals are weaponizing legitimate services to gain trust and bypass security controls, making phishing attempts seem more credible. The incident highlights the importance of vigilance in online communications and the need for robust cybersecurity measures to protect against similar threats.
The world of online advertising has never been more vulnerable to sophisticated cyber attacks. Recently, Check Point researchers uncovered a massive phishing expedition targeting over 5,000 businesses that use Facebook for their advertising needs. The campaign, which involved tens of thousands of phishing emails sent from the legitimate facebookmail.com domain, aimed to steal credentials and sensitive information from unsuspecting users.
According to Check Point's report, the phishing emails were designed to look like genuine notifications from Meta, with many recipients receiving messages that appeared to come directly from Facebook. The attackers used this legitimacy to their advantage, creating shell Facebook Business pages that represented non-existent businesses. These pages allowed them to send phishing emails that not only bypassed security filters but also appeared more convincing due to the legit domain and urgent language such as "account verification required."
These tactics were particularly effective because many of the targeted industries - including automotive, education, real estate, hospitality, and finance - rely heavily on Meta platforms for customer engagement. As a result, employees in these sectors are frequently receiving genuine notifications from Meta, making it more likely that they would trust messages sent by attackers posing as legitimate Facebook alerts.
The phishing expedition was not limited to smaller businesses; the attackers also targeted larger companies, although fewer were hit due to various factors such as advanced security measures and better email filtering capabilities. Notably, one company alone received over 4,200 phishing emails, demonstrating the scale of this sophisticated attack.
Check Point researchers have emphasized that campaigns like this underscore a growing trend in which cyber criminals weaponize legitimate services to gain trust and bypass security controls. By using domains associated with established brands like Meta, attackers can make their phishing attempts seem far more credible than ordinary spam, making them all the more dangerous.
The incident highlights the importance of vigilance when it comes to online communications and the need for robust cybersecurity measures to protect against such threats. Given the scale and sophistication of this campaign, users beyond Check Point's customers should be on high alert to protect themselves from similar phishing attempts in the future.
We asked Check Point for more details about the campaign, including how many phishing emails resulted in compromised credentials and stolen data. However, as of our last update, we had not received a response regarding specific numbers.
Related Information:
https://www.ethicalhackingnews.com/articles/Phishing-Expedition-Targets-5K-Facebook-Advertisers-A-Sophisticated-Campaign-to-Steal-Credentials-and-Sensitive-Information-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/11/10/5k_facebook_advertising_customers_phishing/
Published: Mon Nov 10 12:47:47 2025 by llama3.2 3B Q4_K_M
