Threat Actors Target EI-ISAC Members with Fake Facebook Email

What was inside the email?

• The email displayed Facebook Business as its sender, and the email arrived with the subject line "Facebook Copyright #10034576734223762."
• The body of the email informed EI-ISAC that Facebook had taken down some of its content, as the result of a copyright infringement. 
• The email included a working Facebook link to provide additional context. 
• The link was meant to serve the purpose of further increasing the chances of communication with the sender to get their login information.

Fake e-mail symptoms

• The sender's email address, "metahelp1255@outlook[dot]com." indicates that something phishy going on as the domain name here is "outlook.com," not "facebook.com" or "meta.com."
• The physical address included in the footer which states Meta/Facebook is located at "1 Facebook Way," is incorrect. Its headquarters' address is actually "1 Hacker Way."

Reasons behind the attack

• The primary goal seems to be stealing Facebook login passwords and other information from EI-ISAC members.
• Impersonation attacks can lead to misinformation like changes in polling hours and locations. 
• Misinformation might lead to people missing out on the opportunity to vote.
• Spread fear and uncertainty about the security of the vote.
• Voters might just give up voting for that election cycle thus destabilizing the election process.

How to stay safe?

• Investing in network monitoring and logging. 
• Focus on security awareness training. 
• Impart knowledge to employees to recognize common cyber hoax scams.

Final thoughts