Phishing Campaign Exploits Meta Verification and 2FA to Harvest Credentials
What Happened — A credential‑phishing operation impersonates Meta’s “Verified” badge and two‑factor authentication (2FA) process. Victims receive a spoofed email that directs them to a Google Form and a Vercel‑hosted landing page, where they are asked to submit login credentials and 2FA tokens.
Why It Matters for TPRM —
- The attack leverages trusted brand cues, increasing success rates against both individual and corporate Meta accounts.
- Compromise of employee or business social‑media accounts can lead to data leakage, brand impersonation, and downstream supply‑chain phishing.
- The use of legitimate services (Google Forms, Vercel) makes detection harder for traditional URL‑filtering controls.
Who Is Affected — Social‑media users, marketing teams, and any organization that relies on Meta platforms for communication, advertising, or customer engagement (primarily TECH_SAAS and PROF_SERV sectors).
Recommended Actions —
- Educate users on the verified‑badge phishing pattern and the danger of submitting 2FA codes to any third‑party form.
- Enforce MFA policies that never require token entry on external sites; use push‑based or hardware‑based methods.
- Deploy email authentication (DMARC, SPF, DKIM) monitoring to flag spoofed “Meta Verified” senders.
- Add domain‑allow lists for known Meta URLs and block suspicious Vercel sub‑domains.
Technical Notes — Attack vector: phishing email → Google Form → Vercel‑hosted spoof page → credential capture. No CVE involved; the abuse hinges on brand impersonation and social engineering. Data collected includes usernames, passwords, and one‑time 2FA codes. Source: Cofense Intelligence
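The Recommended Actions (email‑authentication monitoring, sender allow‑listing, flagging Google Form and Vercel links) and the attack chain in the Technical Notes can be turned into a single mail‑gateway or SOC triage check. The following Python script is an added example written for this brief; it is not Cofense, Meta, Google or Vercel code. The allow‑listed Meta sender domains, the brand keywords, and both sample messages are assumptions constructed for illustration.

```python
"""Heuristic triage for the Meta-Verified phishing pattern.

Constructed example: parses a raw RFC 822 message, reports DMARC/SPF/DKIM
failures from Authentication-Results, flags display-name brand impersonation
from non-allow-listed domains, and flags links to Google Forms and
Vercel-hosted pages. Domains and samples below are assumptions, not real data.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list of legitimate Meta sender domains; tune per environment.
META_SENDER_DOMAINS = {"facebookmail.com", "meta.com", "facebook.com", "instagram.com"}
BRAND_WORDS = ("meta", "facebook", "instagram", "verified")
VERCEL_HOST = re.compile(r"(^|\.)vercel\.app$")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def auth_result_failures(auth_header):
    """Return mechanisms (dmarc/spf/dkim) that did not pass in an
    Authentication-Results header; 'none' (no record) is not treated as failure."""
    failures = []
    for mech in ("dmarc", "spf", "dkim"):
        m = re.search(r"\b%s=(\w+)" % mech, auth_header or "", re.IGNORECASE)
        if m and m.group(1).lower() not in ("pass", "none"):
            failures.append(mech)
    return failures


def suspicious_links(body):
    """Classify body URLs as Google Form links or Vercel-hosted pages."""
    findings = []
    for url in URL_RE.findall(body):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if host == "forms.gle" or (host == "docs.google.com" and parsed.path.startswith("/forms")):
            findings.append(("google_form", url))
        elif VERCEL_HOST.search(host):
            findings.append(("vercel_page", url))
    return findings


def analyze_message(raw):
    """Return a list of (finding, detail) tuples for one raw message."""
    msg = message_from_string(raw)
    findings = []

    # Brand name in the display name but sender domain outside the allow-list.
    display_name, address = parseaddr(msg.get("From", ""))
    from_domain = address.rpartition("@")[2].lower()
    if any(w in display_name.lower() for w in BRAND_WORDS) and from_domain not in META_SENDER_DOMAINS:
        findings.append(("brand_impersonation", "%s <%s>" % (display_name, address)))

    for mech in auth_result_failures(msg.get("Authentication-Results")):
        findings.append(("auth_failure", mech))

    # Collect text bodies (single-part or multipart) and scan them for links.
    parts = msg.walk() if msg.is_multipart() else [msg]
    body = ""
    for part in parts:
        if part.get_content_type() in ("text/plain", "text/html"):
            body += (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
    findings.extend(suspicious_links(body))
    return findings


def verdict(findings):
    """Impersonation corroborated by auth failure or a lure link -> block;
    any other finding -> analyst review; nothing -> clean."""
    kinds = {f[0] for f in findings}
    if "brand_impersonation" in kinds and kinds & {"auth_failure", "google_form", "vercel_page"}:
        return "block"
    return "review" if kinds else "clean"


# Constructed sample modelled on the described campaign (not a real capture).
SAMPLE_PHISH = """\
From: "Meta Verified Support" <support@meta-verify-team.example>
To: marketing@victim.example
Subject: Action required: confirm your Verified badge
Authentication-Results: mx.victim.example; spf=fail smtp.mailfrom=meta-verify-team.example; dkim=none; dmarc=fail header.from=meta-verify-team.example
Content-Type: text/plain

Your Verified badge will expire. Confirm your identity here:
https://docs.google.com/forms/d/e/EXAMPLE-FORM-ID/viewform
Then complete 2FA at https://meta-verified-check.vercel.app/login
"""

# Constructed benign sample from an allow-listed domain with passing authentication.
SAMPLE_LEGIT = """\
From: "Meta for Business" <advertise-noreply@facebookmail.com>
To: marketing@victim.example
Subject: Your ad report
Authentication-Results: mx.victim.example; spf=pass; dkim=pass; dmarc=pass header.from=facebookmail.com
Content-Type: text/plain

View your report at https://business.facebook.com/reports
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        found = analyze_message(raw)
        print(name, verdict(found), found)
```

The checks deliberately combine signals: a brand name in the display name alone is common in legitimate mail, but paired with a DMARC or SPF failure or a Google Form / Vercel lure link it matches the pattern this campaign uses, which URL reputation alone misses because the hosting services are legitimate.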