
New phishing wave with Facebook redirects

In recent weeks, security teams have observed a sophisticated phishing campaign: Facebook's own link-forwarding mechanism is being abused to send users to deceptively genuine replicas of the login page and harvest their credentials.

The attackers hide the malicious destination behind what looks like a legitimate Facebook URL (e.g. l.facebook.com/l.php?u=…): the visible link points at a facebook.com host, the real target sits URL-encoded in the u parameter, and both automated scanners and users who trust the Facebook domain are taken in.

Tactics

The phishing emails are worded as urgent security warnings or account notifications. They imitate Facebook's visual style and use social-engineering pressure to get recipients to click.

The link initially shows a Facebook domain and so appears credible. The shim, however, forwards the browser to attacker-controlled infrastructure hosting an almost perfect copy of the Facebook login page.

Credentials entered there are sent straight to the attackers. In some cases the fake page then displays an "incorrect password" message so that the victim types the password a second time; this filters out typos and confirms to the attackers that the captured credentials are valid.

Why this technique is so effective

Link-forwarding services of large platforms are a legitimate protection mechanism and, because they show the platform's own domain, enjoy users' trust.

Attackers turn that trust on its head: the legitimate domain acts as a cloak for the malicious destination, getting past email gateways that only check the visible host and past users' scepticism. The campaign is also rolled out in several languages, which considerably widens its reach.

Concrete protective measures for companies and IT teams

  1. Be suspicious of links: always check the final destination URL (hover/link preview, and decode the u parameter of shim links) rather than the visible domain, and never follow a link blindly.
  2. Enforce multi-factor authentication (MFA): even when a password has been stolen, MFA greatly limits the damage. Prefer phishing-resistant methods such as FIDO2/passkeys, since a fake login page can also ask the victim for a one-time code.
  3. Harden email security: add URL reputation checks, link sandboxing and heuristic analysis that resolve redirects to their final target before a verdict is made.
  4. Phishing simulations and awareness programmes: repeated training measurably lowers click rates.
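As an added example (not code from the article or from DEFENDERBOX), the check behind measures 1 and 3 for the l.facebook.com/l.php?u=… pattern described above, written in Python: it unwraps the u parameter, follows nested shims with a hop limit, and judges each link by the host it finally lands on rather than the host it shows. The trusted-domain allow-list, the sample URLs and the sample email body are constructed assumptions for illustration and do not point at real campaign infrastructure.

```python
"""Unwrap Facebook link-shim URLs and flag links that leave Facebook.

Added example for this article; not the page's or DEFENDERBOX's own code.
Assumptions (labelled): only the shim form named in the article,
l.facebook.com/l.php?u=<encoded target>, is modelled, and every URL and
email body below is constructed for illustration, not taken from a real campaign.
"""
import re
from urllib.parse import parse_qs, urlparse

# Final destinations that do not leave the platform. Assumption: this allow-list
# is what an email gateway would maintain; extend it for your own environment.
TRUSTED_SUFFIXES = ("facebook.com", "fb.com", "messenger.com")

# Redirector host -> query parameter that carries the real destination.
# Only the shim from the article is listed; other platforms' shims would go here.
REDIRECTORS = {"l.facebook.com": "u"}

URL_RE = re.compile(r"""https?://[^\s<>"'\)\]]+""")


def host_is_trusted(host: str) -> bool:
    """True if host is one of the trusted domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def shim_target(url: str):
    """Return the destination hidden in a redirector URL, or None if url is not one."""
    parsed = urlparse(url)
    param = REDIRECTORS.get((parsed.hostname or "").lower())
    if param is None:
        return None
    # parse_qs percent-decodes exactly once, which is what the shim itself does,
    # so a double-encoded target is resolved the way the victim's browser sees it.
    return parse_qs(parsed.query).get(param, [None])[0] or None


def unwrap(url: str, max_hops: int = 5):
    """Follow shim layers from the visible link to the final target.

    Returns (chain, resolved). The hop count is capped so that a shim pointing
    back at itself, or a deeply nested chain, cannot loop forever.
    """
    chain = [url]
    for _ in range(max_hops):
        target = shim_target(chain[-1])
        if target is None or target == chain[-1]:
            return chain, True
        chain.append(target)
    return chain, shim_target(chain[-1]) is None


def classify(url: str, max_hops: int = 5) -> dict:
    """Judge a single link by where it finally lands, not by the domain it shows."""
    chain, resolved = unwrap(url, max_hops)
    visible_host = (urlparse(chain[0]).hostname or "").lower()
    final_host = (urlparse(chain[-1]).hostname or "").lower()
    hops = len(chain) - 1
    # A final host that merely contains "facebook" but is not Facebook is the
    # login-replica pattern the article describes.
    lookalike = "facebook" in final_host and not host_is_trusted(final_host)
    if not resolved:
        verdict = "unresolved"   # chain deeper than max_hops: treat as suspicious
    elif hops and not host_is_trusted(final_host):
        verdict = "suspicious"   # Facebook-looking link that leaves Facebook
    elif host_is_trusted(final_host):
        verdict = "trusted"
    else:
        verdict = "external"     # never touched a redirector; ordinary outside link
    return {"visible_host": visible_host, "final_host": final_host,
            "hops": hops, "lookalike": lookalike, "verdict": verdict}


def scan_email(body: str) -> list:
    """Extract every http(s) link in an email body and classify it."""
    return [classify(u) for u in URL_RE.findall(body)]


# Constructed sample message in the style described above (not a real email).
SAMPLE_EMAIL = """Your account has been restricted because of unusual login activity.
Confirm your identity within 24 hours:
https://l.facebook.com/l.php?u=https%3A%2F%2Ffacebook-security-check.example%2Flogin&h=AT0abc
Manage notifications: https://www.facebook.com/settings
"""

if __name__ == "__main__":
    for result in scan_email(SAMPLE_EMAIL):
        print(f"{result['verdict']:10} {result['visible_host']} -> {result['final_host']}"
              f" (hops={result['hops']}, lookalike={result['lookalike']})")
```

Run as a script it prints one verdict per link in the constructed message: the shim link resolves to facebook-security-check.example and is flagged as suspicious and a lookalike, while the settings link stays on www.facebook.com and is trusted. Because the shim only decodes once, the checker decodes once as well; decoding twice would let an attacker show the gateway a different destination from the one the browser actually visits.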

Conclusion

This campaign shows: Attackers are adapting and using legitimate platform functions to their advantage.

For companies this means continuously strengthening not only technical defences but also processes, awareness and the ability to respond.

If you take action now — roll out MFA, carry out phishing checks and train employees — you will significantly reduce the risk.

With the DEFENDERBOX we offer companies a proactive approach to cyber security:

  • Continuous scanning of the entire infrastructure
  • Detecting security vulnerabilities before attackers exploit them
  • Clear recommendations for technical and organizational measures
  • Integration of security checks into existing processes and audits

In this way, we help companies to turn IT security from a purely IT issue into a strategic success factor.


Stay vigilant — your IT will stay that way with us. 

Image source: X
