A new Facebook scam has been making the rounds, preying on users’ sympathy and care for others. The scam starts with a Facebook post that says, “I can’t believe he’s gone” or “I’ll miss him so much,” and on occasion uses the name and photos of a friend or family member; sometimes the name is just general. The post is made to look as though someone you know, or someone closely connected with one of your Facebook friends, has passed away suddenly.
If you comment asking what happened, you’ll get a response with a shocking story about how the person died unexpectedly. The scammers will even use fake news headlines or obituaries to make the story seem credible.
The goal is to provoke an emotional reaction, so you click on a link included in the post or response. The link goes to a fake Facebook login page where you’re prompted to enter your username and password. The scammers then gain access to your account and use it to target your friends with more fake tragedy posts.
How to Spot this Facebook Scam
There are a few red flags to watch out for with this scam:
- The post uses vague language like “I can’t believe he’s gone” rather than naming the person directly. Real posts about losing someone will use their name.
- The story of how they died seems overly dramatic or implausible.
- If you ask for details, the responses seem generic, impersonal, or avoid specifics.
- The link they want you to click is not to a legitimate website but goes to a fake Facebook.com site, prompting users to log in. Legitimate links would go to a news story or fundraiser page.
How to Protect Yourself against Facebook Scams
The best way to avoid falling for this scam is to be wary of any posts that aim to provoke an emotional reaction or seem “off.” Specifically:
- Don’t click on links from suspicious posts, even if it’s about someone you know. Go to their profile to confirm if the post is real.
- Be wary of sensational stories of tragedy or death posted by friends and family. Verify with them or someone close to them before believing it.
- Use two-factor authentication on your accounts; an authentication app is the most secure form of 2FA.
- Avoid entering your login details after clicking links. Having to log in again should be an alarm bell.
- Ensure your two-factor data is correct and that you still have access to the listed email, phone number or security application.
- Report fake profiles or posts to Facebook if you suspect a scam.
- Limit your friends list and share personal posts only with people you know well.