Trustwave SpiderLabs previously released two blogs about Facebook and Instagram phishing. The common denominator between these two articles is the use of phony notifications that lure victims into thinking they have committed a violation of terms. The victim must then make an appeal through a crafted phishing page to avoid losing access to their account. This social engineering tactic is not new, but cybercriminals are constantly innovating, creating ever more sophisticated ways to evade security controls and filters.

Recently, Trustwave came across another example in the same vein, which we have dubbed Meta-Phish. A successful Meta-Phish attack could result in the loss of Personally Identifiable Information (PII), login credentials, and the victim's Facebook profile link.

