A new wave of phishing attacks is making the rounds, and this time, cybercriminals are hiding behind Meta’s name. Users have started receiving emails warning that their Facebook or Instagram accounts are about to be suspended. But instead of coming from Meta, these messages are part of a sophisticated malware campaign designed to steal personal data.

How the scam works

The attack, first flagged by security firm Acronis and reported by Bleeping Computer, uses a technique called FileFix, a variant of the ClickFix malware family. Victims are told their accounts will be disabled within seven days unless they review an “incident report.” The link leads to a fake Meta support page, available in multiple languages, where users are urged to copy and paste a file path into their system.

What looks like a harmless report is actually a disguised PowerShell command. Once executed, it downloads StealC, an info-stealing malware capable of harvesting usernames, passwords, authentication cookies, cryptocurrency wallet keys, VPN credentials, and even screenshots of your desktop. In short, it can strip your digital life bare.

Unlike older ClickFix tricks that use the Windows Run dialog, FileFix abuses the File Explorer’s address bar, making it harder for users to spot the danger. This minor shift is proving effective in bypassing basic awareness of phishing scams.

How to protect yourself

Cybersecurity experts stress that the best defence is vigilance. Suspicious emails urging immediate action should always raise a red flag. Instead of clicking links, go directly to the official website or app to check if your account really needs attention.

Other safety steps include:

Enable two-factor authentication (2FA): Even if your password is stolen, hackers won’t easily access your account.

Update antivirus software: Modern tools can catch malware before it does damage.

Educate users: Companies and individuals alike need to know how social engineering tricks like FileFix operate.

But awareness alone may not be enough. Security researchers also advise keeping operating systems and browsers updated, since many malware families exploit unpatched vulnerabilities. Using password managers can further reduce risk by creating unique, complex credentials, meaning even if one login is compromised, the damage is contained.

It’s also worth remembering that Meta, like most major platforms, never asks users to paste commands into system dialogs or file explorers. If an email or webpage suggests unusual technical steps, it’s almost certainly a scam.
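For help desks and defenders triaging a suspected FileFix lure, the check below flags text a user was told to paste into the File Explorer address bar when it invokes a command interpreter instead of naming a path. It is an added example, not code from Acronis, Bleeping Computer or Meta; the interpreter list, keyword list and sample strings are constructed for illustration.

```python
import re

# Illustrative list: programs that run commands, not folders to browse.
INTERPRETERS = {"powershell", "pwsh", "cmd", "mshta", "wscript", "cscript"}

# Illustrative keywords typical of download-and-run one-liners.
DOWNLOAD_HINTS = re.compile(
    r"(?i)\b(invoke-webrequest|iwr|invoke-expression|iex|downloadstring|"
    r"downloadfile|start-bitstransfer|frombase64string)\b|-enc(odedcommand)?\b"
)

def findings(entry: str) -> list[str]:
    """Return the reasons an address-bar entry does not look like a plain path."""
    reasons = []
    tokens = entry.split()
    for i, tok in enumerate(tokens):
        # Reduce each token to its file name so a full path to an interpreter counts too.
        base = re.split(r"[\\/]", tok.strip("\"'"))[-1].lower().removesuffix(".exe")
        # A folder merely named "PowerShell" has nothing after it; a command has arguments.
        if base in INTERPRETERS and i < len(tokens) - 1:
            reasons.append(f"runs {base} with arguments")
            break
    if DOWNLOAD_HINTS.search(entry):
        reasons.append("contains download/execute keyword")
    return reasons

def triage(entries):
    """Map each suspicious entry to its list of reasons; clean entries are omitted."""
    return {e: r for e in entries if (r := findings(e))}

# Constructed samples: three ordinary paths, two command lines with placeholders.
SAMPLES = [
    r"C:\Users\alice\Documents\incident_report.pdf",
    r"C:\Program Files\PowerShell",
    r"\\fileserver\share\reports",
    r"powershell.exe -NoProfile -Command <constructed-placeholder>",
    r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -enc <constructed-placeholder>",
]

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLES).items():
        print(f"SUSPICIOUS: {entry!r} -> {', '.join(reasons)}")
```
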