Phishing campaigns come in all different shapes and sizes. While traditionally phishing attacks often appear in front of us in the shape of an email, cybercriminals have ventured into sending phishing text messages and may even reach out on social media.

It’s why you should always be incredibly cautious when you are sent a message by a person you don’t know. Often these cybercriminals will pose as a reputable organization, hoping to trick unsuspecting victims into turning over valuable information, or downloading malicious attachments, by eliciting an emotional response.

In this installment of the BlackCloak Thursday Threat Update, we’ll look at a phishing campaign targeting Facebook Messenger accounts and a data breach where more than 240,000 Social Security numbers were exposed.


Facebook Messenger phishing campaign targets 100K business accounts weekly

What we know: Security researchers have discovered a phishing campaign where cybercriminals are sending malicious messages to Facebook Messenger business accounts. Cybercriminals have leveraged fake and compromised accounts to send phishing messages that may ask for additional information about a given product, or claim that copyright violations have occurred. The phishing message will include a batch file that will drop malware should it be downloaded by the target. Guardio Labs, the researchers who reported on the campaign, said roughly one out of every 70 targeted accounts has been compromised in this wave of attacks.

Recommendations: When you receive a message from someone you don’t know, do not click on any links or attachments sent by the unknown individual. You run the risk of downloading malicious malware onto your device, which could lead to the loss of valuable, sensitive information. Additionally, it’s always important to remember that no reputable organization will ever send you a message asking for login credentials or other personal information to remedy a problem, and they certainly will not do so through a social media platform.


Hundreds of thousands of SSNs compromised in orthopedic data breach

What we know: Bienville Orthopaedic Specialists disclosed to the Attorney General of Maine that it experienced a data breach. The Mississippi-based provider found unauthorized individuals were able to access patients’ names, medical information, passwords and financial account information. At least 240,000 patients had their Social Security numbers exposed in the incident as well.

Recommendations: In its data breach notice, Bienville said it will be offering complimentary credit monitoring and identity protection services through Experian. Instructions for how to do so are included in the breach notice. Patients should also change their passwords as soon as possible to one that is complex and unique, and monitor their financial and credit accounts for any signs of suspicious activity.


Don’t fall victim to phishing attacks

Phishing attacks may make you feel a bit paranoid, but you don’t need to be afraid. By knowing the hallmarks of a phishing scam, you can identify a phony message and keep yourself and your data safe.

Learn more about how phishing attacks work, and the ins and outs of SMS text message phishing attacks, commonly known as “smishing.”