Watch out for "I can't believe he is gone" Facebook phishing posts

This phishing attack is ongoing and widely spread on Facebook through friend's hacked accounts, as the threat actors build a massive army of stolen accounts for use in further scams on the social media platform.
As the posts come from your friends' hacked accounts, they look more convincing and trustworthy, leading many to fall for the scam.
The phishing campaign started around a year ago, with Facebook having trouble blocking the posts as they continue to this day.
When new posts are created and reported, Facebook deactivates the Facebook.com redirect link in the post so that they no longer work.
The other uses the same text but shows what appears to be a BBC News video of a car accident or other crime scene, as shown below.
When BleepingComputer tested the links in the phishing posts, they brought us to different sites depending on the type of device you are using.
If you enter your Facebook credentials, the threat actors will steal them, and the site will redirect you to Google.
While it is not known what the stolen credentials are used for, the threat actors likely use them further to promote the same phishing posts through the hacked accounts.
Visiting the phishing pages from a desktop computer causes a different behavior, with the phishing sites redirecting users to Google or other scams promoting VPN apps, browser extensions, or affiliate sites.
This phishing scam is widely spread, with BleepingComputer seeing numerous posts created each day by friends and family who unwittingly had their accounts hacked through the same scam.
As this phishing attack does not attempt to steal two-factor authentication tokens, it is strongly advised that Facebook users enable 2FA to prevent their accounts from being accessed if they fall for a phishing scam.
Once enabled, Facebook will prompt you to enter a unique one-time passcode each time your credentials are used to log in to the site from an unknown location.
As only you will have access to these codes, even if your credentials are stolen, they cannot log in.
For the best security, when enabling two-factor authentication on Facebook, use an authentication app rather than SMS texts, as your phone number can be stolen in SIM swapping attacks.
Update 1/21/24: Article updated to clarify this phishing campaign started a year ago.
Meta won't remove fake Instagram profiles that are clearly catfishing.
Microsoft disrupts Russian hackers' operation on NATO targets.
US court docs expose fake antivirus renewal phishing tactics.
Crypto wallet founder loses $125,000 to fake airdrop website.
FTC offers $25,000 prize for detecting AI-enabled voice cloning.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Sun, 21 Jan 2024 17:44:05 +0000


Cyber News related to Watch out for "I can't believe he is gone" Facebook phishing posts