Phishing Actors Are Taking Advantage of Facebook’s Small Business Grants Program

• Facebook users are getting tricked by phishing actors who are using hastily made pages.
• The victims are entering highly sensitive data on the phishing forms and lose access to their FB accounts.
• The actors use the victim’s FB account to trick their friends and contacts and trick them into sending them money.

Facebook has recently decided to support small business owners who were impacted by COVID-19, offering $100 million in cash grants and ad credits to help them get by during this challenging time. Obviously, Facebook needs active businesses on its social media platform because this creates an environment that helps user data generation and collection. But Facebook is also doing this as a booster to their “social responsibility” image.

Already though, phishing actors are actively tricking business owners using this grant program as a bait. According to a report by Kaspersky, crooks are presenting the program as if it was meant to dispense money to all Facebook users since, obviously, not everyone out there has read and understood the details and prerequisites for the particular support scheme.

The victims are approached through a message that contains a fake CNBC article, which is meant to help convince the recipient. The URL of the post isn’t starting with “cnbc.com,” and there are multiple grammar errors in the article itself. Still, hopeful users may miss these clear indicators of fraud.

Source: Kaspersky

The users who believe the story and click on the link are taken to a phishing page. There, they are asked to specify how many years they have been using Facebook. Kaspersky says the phishing page appears to be the product of a hasty operation, as most links don’t work, and grammar on the content is still a giveaway for its real nature. The URL doesn’t even contain the word “Facebook” anywhere, so the indications of fraud are literally everywhere.

Those who ignore all that and continue hoping that they’ll get money from Facebook will be requested to enter their FB account credentials next. Once they do, they are redirected to the next form, which asks them to fill out their home address, social security number, and even a scan of their ID. This is supposedly requested to confirm the applicant’s identity, and the phishing page is even generating warnings if anything is left blank.

Once everything is filled out and submitted, the victim sees a confirmation message and a promise that they will be contacted soon about their application. The crooks then use the stolen FB credentials to log in to their victims’ accounts and try to trick their friends. Extracting money from them by making false claims about an urgent situation is a common method in this step.