BleepingComputer describes a phishing scam that’s been running rampant on Facebook for the past several months, in which threat actors use hacked accounts to post links to phony articles implying that someone has been killed in an accident.
The Facebook posts have captions like “I can't believe he is gone,” accompanied by thumbnails of news articles involving car accidents or crime scenes. Users are more likely to click on the links since they’ve been posted by a friend’s account. The links lead to phishing sites that ask users to enter their Facebook credentials in order to view the videos.
“To entice a visitor to enter their password, they show what appears to be a blurred-out video in the background, which is simply an image downloaded from Discord,” BleepingComputer says.
“If you enter your Facebook credentials, the threat actors will steal them, and the site will redirect you to Google. While it is not known what the stolen credentials are used for, the threat actors likely use them further to promote the same phishing posts through the hacked accounts....This phishing scam is widely spread, with BleepingComputer seeing numerous posts created each day by friends and family who unwittingly had their accounts hacked through the same scam.”
BleepingComputer notes that enabling multi-factor authentication will give your Facebook account an extra layer of protection against phishing attacks.
“As this phishing attack does not attempt to steal two-factor authentication (2FA) tokens, it is strongly advised that Facebook users enable 2FA to prevent their accounts from being accessed if they fall for a phishing scam,” BleepingComputer says. “Once enabled, Facebook will prompt you to enter a unique one-time passcode each time your credentials are used to log in to the site from an unknown location. As only you will have access to these codes, even if your credentials are stolen, they cannot log in.”
It’s worth keeping in mind, however, that some phishing attacks will attempt to trick you into entering a 2FA code as well.
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
BleepingComputer has the story.