A new global phishing threat named βMeta Mirageβ is targeting Meta Business Suite users to hijack high-value accounts through impersonation and malicious links. This campaign employs trusted cloud platforms and convincing fake alerts to deceive users into revealing sensitive information or stealing cookies.
Affected: Meta Business Suite, businesses using Meta accounts, online users
Keypoints
- The βMeta Mirageβ campaign uses impersonation of official Meta communications to deceive users.
- Cybercriminals host fake pages on trusted cloud platforms like GitHub, Firebase, and Vercel to evade detection.
- The attackers employ tactics such as credential theft and cookie theft to compromise accounts.
- The phishing messages escalate in urgency, prompting quick user actions without proper verification.
- Security recommendations include using official devices, enabling 2FA, reviewing account settings, and staff training.
Read More: https://thehackernews.com/2025/05/ctm360-identifies-surge-in-phishing.html