Recently, the North West region has seen a sharp increase in reports from businesses who have been victims of attacks against their company Facebook profile(s). The Attackers are compromising Facebook accounts, changing details and then demanding the victims pay a ransom to regain access.
The Attackers use varying tactics to gain access to the business account initially, this could be through a Phishing attack against an employee, finding a leaked password on the internet, or guessing the password if it is weak.
Once inside, they change the email address and password of the account so that the business no longer has access and the Attacker has complete control.
MoneyWeek recently also posted on this topic saying that a growing number of businesses have had ad accounts hacked, and found themselves with a large bill run up by their attackers. This scam sees the hackers access the business’s settings, enabling them to change spending limits and other controls. It can be difficult to put a stop to this fraud, even after the business has spotted the problem.
From here the Attacker will set up recurring advertisement payments using the bank details - those of the victim - associated with the account. While this is high risk and can be very costly to the business, the Attacker uses the payments as a lure for further extortion by demanding the victim pay a ransom to regain access to their Facebook account.
If the victim refuses to pay the ransom, it has been reported that the Attacker will then post extreme and/or indecent content on the business's account. This forces Facebook to close the account, however, this does not stop the advertisement charges so the business still suffers financial losses.
The combination of the financial losses and the disastrous reputational damage from the content the Attacker posts mean this is a very high-risk threat.
The first step of these attacks is commonly a Phishing Attack to try and steal login credentials (username & password) from a business employee - ,Security Awareness Training has been proven as one of the best ways to combat this.
This is where we come in, our highly trained consultants can conduct Security Awareness Training sessions for your business. Click ,here to contact us and learn more.
We can also offer your business a ,Cyber Health Check that will provide your business with a summary of any Cyber Risks and an action plan which will help protect you against the latest cyber threats.
Click to Open Code Editor