INDIANAPOLIS (WTTV) -- Cyber security experts are warning about a Facebook direct message hacking scam that is quickly spreading across the social media platform.
It's called the "look who died" phishing scam, and it’s aimed at gaining access to your Facebook account.
It starts with a direct Facebook message that appears to be from someone you know. The message says “look who died” and contains a link to what appears to be an article about an accident that killed someone you know or possibly a celebrity.
If you click on the link, it won't take you to a news article, but it will download malware onto your phone or computer that gives the hackers access to your Facebook login information.
Online criminals love getting into Facebook accounts because they often contain such information as shopping history and photos that can be sold on the dark web. Accessing your account also means they can spread the phishing scam by sending messages from your account to other Facebook users on your friend list.
If you are tricked and end up clicking on the bogus link, Data Prot has a detailed list of things you should do immediately:
- Check your account to make sure you’re not locked out. If you still have access, immediately change your password so the hacker can no longer log into your account.
- After changing your password, report the problem to Facebook. Since the company constantly tracks this kind of activity, reports can help Facebook eliminate it and stop it from happening to someone else.
- Go to your security settings and log out of any locations or devices you don’t recognize. You can do that by clicking on the menu and choosing “not you?”
- Do the same with apps. Review any websites or apps that have permission to access your Facebook account. Remove any you don’t recognize.
- In general settings, be sure to check the email addresses linked to your account. Remove any unknown ones.
- If you aren't using two-factor authentication, turn it on. This is an essential security measure for any online account you have these days, not just on Facebook. With two-factor authentication, you will be notified of each login attempt and only be able to log in with the information that you’ve received through SMS or an email.
- Lastly, also change your email password just in case. Having multiple accounts compromised is far more likely if you lose access to your primary email address.
- Use anti-malware software to scan your device. Even if you think your messenger isn’t hacked, such indicators as your friends telling you they received strange links from you shouldn’t be ignored.
In addition to reporting the scam to Facebook, it's also a good idea to let your Facebook friend know you got the bogus message from them, which means their account has been hacked as well.