Common Facebook Scam Method

Roger Grimes | Feb 27, 2026

A friend posted this on Facebook and it came up on my feed.


I know this person and I was so sorry to read. How horrific!

I had no idea who was killed in the accident, so I clicked on the news story.

It took me to a site that posted this:


This is a real reCAPTCHA posted to filter out anti-malware and content filtering services. When I saw this I knew that this was a fake news story and that my friend’s Facebook account had been taken over by a scammer.

Despite this, I clicked on the reCAPTCHA and it took me to a website that took me to a website that took me to a third website. It produced this:


If you click on “Allow” (you shouldn’t), you are giving a malicious site the ability to interact with your system (using “notification” messages) even when you are not on the site and perhaps even not in your browser.

The dialog box is a notification approval dialog box. These dialogs always have the same message, and usually the “Allow” and “Block” options (but these can vary). The scam website's own text tells you to click “Allow” to confirm that you are not a robot.

This is intended to make the user confuse the new notification approval dialog box with the previous real reCAPTCHA. This is 100% indicative of a scam.

The best thing you can do is close the window and notify your Facebook friend that their account is compromised, although oftentimes they already know it. It is also important to report the profile as compromised to Facebook. I posted a comment telling everyone it was a scam and not to click, and usually that stays up, but the scammer could delete the warning message.

I am glad to know no one I know was in this fatal auto accident. 
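If someone has already clicked “Allow” on a prompt like this, the grant persists in the browser's site settings until it is revoked. The following is an added example, not code from the original post: a small audit that lists which origins a profile has allowed to send notifications. It assumes the JSON layout that Chromium-based browsers use in a profile's `Preferences` file; the function name and the sample origins are constructed for illustration.

```python
import json

# Constructed sample mirroring the assumed layout of a Chromium profile's
# "Preferences" JSON file; verify the layout against your browser build.
SAMPLE_PREFS = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://mail.example.com:443,*":
            {"last_modified": "13350000000000000", "setting": 1},
        "https://verify-human.example.net:443,*":
            {"last_modified": "13360000000000000", "setting": 1},
        "https://ads.example.org:443,*":
            {"last_modified": "13340000000000000", "setting": 2},
    }}}}
})

ALLOW, BLOCK = 1, 2  # content-setting values: 1 = allow, 2 = block


def notification_grants(prefs_text, expected=()):
    """Return (origin, last_modified) for each origin that is allowed to send
    notifications and is not in the caller's expected set, newest first."""
    prefs = json.loads(prefs_text)
    entries = (prefs.get("profile", {}).get("content_settings", {})
                    .get("exceptions", {}).get("notifications", {}))
    grants = []
    for pattern, meta in entries.items():
        # Skip malformed entries and anything that is blocked rather than allowed.
        if not isinstance(meta, dict) or meta.get("setting") != ALLOW:
            continue
        origin = pattern.split(",", 1)[0]  # drop the ",*" secondary pattern
        if origin in expected:
            continue
        grants.append((origin, int(meta.get("last_modified") or 0)))
    return sorted(grants, key=lambda g: g[1], reverse=True)


if __name__ == "__main__":
    known_good = {"https://mail.example.com:443"}
    for origin, ts in notification_grants(SAMPLE_PREFS, expected=known_good):
        print(f"review and revoke if unrecognized: {origin} (last_modified={ts})")
```

Any origin the user does not recognize can be removed under the browser's site settings for notifications.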

