A phishing campaign is impersonating well-known brands like Disney and Mastercard to steal Google Workspace and Facebook business account credentials. The attackers use fake Calendly invitations to lure victims, leading them to phishing pages designed to capture sensitive login information. The campaign employs advanced techniques to bypass security measures, making it a significant threat.

Attackers are sending convincing phishing emails that appear to come from Facebook, targeting small and medium-sized businesses. Using the official @facebookmail.com domain, they trick victims into clicking links to credential harvesting sites. Companies in various sectors, including finance and education, have been particularly affected.

Facebook has announced support for passkeys, a feature designed to enhance security by reducing the risk of phishing attacks. This move aligns with the broader industry trend towards passwordless authentication methods, aiming to make online experiences safer for users. The integration of passkeys allows users to log in using biometric data or security keys instead of traditional passwords.