Facebook Phishing Scams Target Concerned Friends and Family

BleepingComputer describes a phishing scam that’s been running rampant on Facebook for the past several months, in which threat actors use hacked accounts to post links to phony articles implying that someone has been killed in an accident.

The Facebook posts have captions like “I can't believe he is gone,” accompanied by thumbnails of news articles involving car accidents or crime scenes. Users are more likely to click on the links since they’ve been posted by a friend’s account. The links lead to phishing sites that ask users to enter their Facebook credentials in order to view the videos.

“To entice a visitor to enter their password, they show what appears to be a blurred-out video in the background, which is simply an image downloaded from Discord,” BleepingComputer says.

“If you enter your Facebook credentials, the threat actors will steal them, and the site will redirect you to Google. While it is not known what the stolen credentials are used for, the threat actors likely use them further to promote the same phishing posts through the hacked accounts.... This phishing scam is widely spread, with BleepingComputer seeing numerous posts created each day by friends and family who unwittingly had their accounts hacked through the same scam.”

BleepingComputer notes that enabling multi-factor authentication will give your Facebook account an extra layer of protection against phishing attacks.

“As this phishing attack does not attempt to steal two-factor authentication (2FA) tokens, it is strongly advised that Facebook users enable 2FA to prevent their accounts from being accessed if they fall for a phishing scam,” BleepingComputer says. “Once enabled, Facebook will prompt you to enter a unique one-time passcode each time your credentials are used to log in to the site from an unknown location. As only you will have access to these codes, even if your credentials are stolen, they cannot log in.”

It’s worth keeping in mind, however, that some phishing attacks will attempt to trick you into entering a 2FA code as well.

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

BleepingComputer has the story.
