FACEBOOK users have been warned over a new scam that’s doing the rounds that baits people with fake links about a ‘sudden death’.
A widespread phishing campaign has been unearthed on the platform, in which hackers post “I can’t believe he is gone. I’m gonna miss him so much,” in a bid to get people to click on a dodgy link.
The dodgy link takes users to a website that steals their Facebook credentials, BleepingComputer first reported.
This particular campaign started around a year ago.
Since then, threat actors have built an army of hacked accounts to continue peddling the scam to other unsuspecting users.
When a post or link comes from a friend or family member’s account, it’s easy to think it is trustworthy, which leads many people to fall for the scam.
The “I can’t believe he is gone” campaign relies on two risky links.
One is a supposed Facebook.com link that you must not click, and the other is a fake BBC News article.
Facebook tries to take unsafe posts down, but the platform often cannot keep up at the rate the threat actors post.
However, Facebook has been largely successful in deactivating the dodgy Facebook.com redirect links in the posts so they no longer work.
The links take users to different sites depending on the type of device they are using, according to BleepingComputer.
Users who click on the link in Facebook via a smartphone will be taken to a fake news site called ‘NewsAmericaVideos’ that prompts them to punch in their account details.
This site is very convincing.
But if you enter your Facebook credentials, they will be stolen by the hackers.
Your account may then be used to promote the same or similar phishing posts to your friends and family.
To avoid this fate, be cautious, and set up two-factor authentication (2FA).
This phishing attack does not attempt to steal 2FA information, so Facebook users who enable this security feature in their settings will be spared from the attack.
Two-factor authentication is becoming increasingly popular, and is available across Google and WhatsApp accounts too.
It means users need both a password and a passcode that’s texted to them to access their accounts, which helps them avoid being hacked.