More than 5,000 businesses that use Facebook for advertising were bombarded by tens of thousands of phishing emails in a credential- and data-stealing campaign.

Check Point researchers say that they spotted about 40,000 phishing emails sent to their customers across the US, Europe, Canada, and Australia - and they were sent from the legitimate facebookmail.com domain.

While most organizations received fewer than 300 messages, one company alone was hit with more than 4,200.

To pull off this phishing expedition, the criminals created shell Facebook Business pages representing businesses that don't exist, and then used the Business invitation feature to send phishing emails that look like the real deal.

This makes the fake notifications look more convincing because they appear to come dir

See Full Page