Phishing Actors Are Taking Advantage of Facebook’s Small Business Grants Program

  • Facebook users are getting tricked by phishing actors who are using hastily made pages.
  • The victims are entering highly sensitive data on the phishing forms and lose access to their FB accounts.
  • The actors use the victim’s FB account to trick their friends and contacts and trick them into sending them money.

Facebook has recently decided to support small business owners who were impacted by COVID-19, offering $100 million in cash grants and ad credits to help them get by during this challenging time. Obviously, Facebook needs active businesses on its social media platform because this creates an environment that helps user data generation and collection. But Facebook is also doing this as a booster to their “social responsibility” image.

Already though, phishing actors are actively tricking business owners using this grant program as a bait. According to a report by Kaspersky, crooks are presenting the program as if it was meant to dispense money to all Facebook users since, obviously, not everyone out there has read and understood the details and prerequisites for the particular support scheme.

The victims are approached through a message that contains a fake CNBC article, which is meant to help convince the recipient. The URL of the post isn’t starting with “,” and there are multiple grammar errors in the article itself. Still, hopeful users may miss these clear indicators of fraud.

Source: Kaspersky

The users who believe the story and click on the link are taken to a phishing page. There, they are asked to specify how many years they have been using Facebook. Kaspersky says the phishing page appears to be the product of a hasty operation, as most links don’t work, and grammar on the content is still a giveaway for its real nature. The URL doesn’t even contain the word “Facebook” anywhere, so the indications of fraud are literally everywhere.

Those who ignore all that and continue hoping that they’ll get money from Facebook will be requested to enter their FB account credentials next. Once they do, they are redirected to the next form, which asks them to fill out their home address, social security number, and even a scan of their ID. This is supposedly requested to confirm the applicant’s identity, and the phishing page is even generating warnings if anything is left blank.

Once everything is filled out and submitted, the victim sees a confirmation message and a promise that they will be contacted soon about their application. The crooks then use the stolen FB credentials to log in to their victims’ accounts and try to trick their friends. Extracting money from them by making false claims about an urgent situation is a common method in this step.

NBA 2023 Live Stream: How to Watch Basketball Online from Anywhere
The wait is almost over, and basketball fans worldwide can finally look forward to the start of the 2023/24 NBA season. The...
How to Watch 2023 NHL Without Cable: Live Stream Hockey Games Online from Anywhere
The 2023/24 season of the National Hockey League is finally upon us, and fans are gearing up to watch the hard-hitting action...
NFL 2023 Live Stream: How to Watch Football Online from Anywhere
The 104th season of the National Football League is already underway, and we anticipate some thrilling action in the coming months. The...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari