Targeting Trust: Phony Accident Articles Lure Users
Bleeping Computer recently reported a concerning phishing scam running rampant on Facebook for months. Hacked accounts are used to post links to fake articles claiming someone has died in an accident. These posts often have captions expressing shock or disbelief, such as “I can’t believe he is gone,” and use thumbnails from car crashes or crime scenes to appear legitimate.
The key element of this scam lies in exploiting trust. Seeing a post from a seemingly familiar account makes users more likely to click the link, leading them to a phishing website.
Deceptive Tactics: Blurred Videos and Stolen Credentials
Once clicked, the link directs users to a phishing site. This site attempts to steal Facebook credentials by:
- Displaying a blurred-out video preview: This is simply an image, not an actual video, and serves only to entice the user to enter their login information.
- Requesting login details: The website prompts users to enter their Facebook username and password to view the supposed video.
If a user falls for this deception and enters their credentials, they are immediately stolen by the attackers. The website then redirects the user to a legitimate site like Google, further masking its malicious intent.
While the specific purpose of stealing these credentials remains unclear, it’s likely the attackers use them to:
- Spread the scam further: By gaining access to compromised accounts, attackers can post more phishing links, perpetuating the cycle and potentially compromising even more accounts.
The widespread nature of this scam highlights its effectiveness. BleepingComputer reports seeing numerous instances of friends and family unknowingly falling victim to the hack and then inadvertently spreading the scam through their compromised accounts.
Protecting Yourself: Multi-Factor Authentication is Key
Bleeping Computer strongly recommends enabling multi-factor authentication (MFA) on your Facebook account to add an extra layer of security against phishing attacks. MFA requires a secondary code, typically sent to your phone, in addition to your username and password when logging in from an unrecognized device. This additional step significantly reduces the risk of unauthorized access, even if your login credentials are compromised.
It’s important to remember that while MFA is highly effective, some phishing attempts might still try to trick you into revealing your MFA code. Therefore, it’s crucial to remain vigilant and avoid entering any credentials, including MFA codes, on suspicious websites.
2B Innovations: Empowering Security-Conscious Users
2B Innovations empowers individuals and organizations to make informed security decisions every day. By providing comprehensive security awareness training and solutions, we aim to build a more secure digital world.