A new scam relies on a victim's sense of curiosity, brand impersonation, and the hopes of a new login to compromise Facebook credentials.
We’ve all seen one of those posts on social media about some actor, musician or famous person that has passed away. Feeling a sense of sadness and wanting to know more details, these posts garner a lot of attention.
But in a generation that somewhat worships celebrities, a post about someone famous dying and not posting the name seems to do the trick to lure potential victims to take the bait.
According to Bleeping Computer, a new scam on Facebook omits the details but pulls at the heart strings with these posts that imply someone famous has died.
Source: Bleepstatic
Depending on the operating system of the device used to initially view the post, the victim is taken to different target pages, each with the intent to get the victim to login with their Facebook credentials.
This is very similar to scams targeting Microsoft 365 where the user reads the content, clicks and is asked to log into their Microsoft 365 account to see it!
While businesses may not think the Facebook attack is a direct threat, it can be an indirect one that provides attackers with identities used for attacks on both individuals and businesses. Facebook supports multi-factor authentication, so that’s a great first step to thwarting the misuse of stolen credentials. And businesses should employ security awareness training as the key to maintaining a state of vigilance in their employees when working online to ensure they don’t fall for other similar scams.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Here's how it works:
