DarkReading.com reported that “Facebook lead-generation forms are being repurposed to collect passwords and credit card information from unsuspecting Facebook advertisers.” The September 13, 2022 report, entitled “Cyberattackers Abuse Facebook Ad Manager in Savvy Credential-Harvesting Campaign” (https://www.darkreading.com/attacks-breaches/cyberattackers-abuse-facebook-ad-manager-credential-harvesting-campaign), included these comments:

According to a Tuesday report by the security research team at Avanan, attackers are sending phishing messages that appear to be urgent warnings from Meta’s “Facebook AdManager” team. The messages claim the victim is not complying with the company’s ad policies and that the ad account will be disabled if the target doesn’t appeal the phony violation.

“Hackers are leveraging sites that appear on static Allow Lists,” explained Jeremy Fuchs, cybersecurity researcher for Avanan, in the report. “That means that email security services have broadly decided that these sites are trustworthy, and thus anything related to them comes through to the inbox.”

Additionally, using Facebook Ads forms also offers a high degree of verisimilitude for any of the eight billion advertising users that Facebook works with who are already familiar with the Ads Manager platform and the lead-generation forms it produces.

Obviously, Facebook is a great target, so watch out!