
If you come across a Facebook post containing the words, “I can’t believe he’s gone. I’m gonna miss him so much,” or anything similar, exercise caution as your friend’s account may be compromised and used to propagate a phishing scam.

Here’s the modus operandi: the attacker takes control of an account and posts a cryptic but alarming message together with a seemingly legitimate link. Typically the link mimics the Facebook domain or is dressed up as an embedded video from a reputable source such as BBC News. Clicking it leads somewhere else entirely: a fraudulent page that asks the visitor to enter their Facebook login details and captures whatever is typed. The victim is then redirected once more; mobile users may land on Google, while desktop users are sent to dubious sites pushing browser extensions, VPNs, or affiliate offers, as Bleeping Computer reported earlier this week.
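As an added illustration of the defensive check implied above (not code from the article or from Facebook), the following Python heuristic flags a post when it combines the bait wording with a link whose host merely mentions Facebook without actually being facebook.com or one of its subdomains. The phrase list, the classification labels, and the sample posts with their `.example` hosts are all constructed assumptions for this example.

```python
from urllib.parse import urlparse

# Bait wording quoted in the article, lowercased for matching (constructed list).
BAIT_PHRASES = ("can't believe he's gone", "gonna miss him so much")
# Assumption: only facebook.com itself or a real subdomain of it counts as genuine.
GENUINE_SUFFIXES = ("facebook.com",)


def _parse(url: str):
    """urlparse needs a scheme to populate hostname; prepend one if missing."""
    return urlparse(url if "://" in url else "http://" + url)


def normalize_host(url: str) -> str:
    """Lowercase hostname of the URL, or '' if it has none."""
    return (_parse(url).hostname or "").lower().rstrip(".")


def is_genuine_facebook(host: str) -> bool:
    """True only for facebook.com or a subdomain such as m.facebook.com."""
    return any(host == s or host.endswith("." + s) for s in GENUINE_SUFFIXES)


def is_lookalike_link(url: str) -> bool:
    """True when 'facebook' appears in a host or path that is NOT on facebook.com.
    Catches tricks like facebook.com.<something>.example, where the genuine name
    is only a leading label of an unrelated registrable domain."""
    host = normalize_host(url)
    if not host or is_genuine_facebook(host):
        return False
    return "facebook" in host or "facebook" in _parse(url).path.lower()


def classify_post(text: str, links: list) -> str:
    """Return 'likely-phish', 'suspicious' or 'ok' for one post's text and links."""
    body = text.lower().replace("\u2019", "'")  # curly apostrophes -> plain
    bait = any(p in body for p in BAIT_PHRASES)
    lookalike = any(is_lookalike_link(u) for u in links)
    if bait and lookalike:
        return "likely-phish"
    if bait or lookalike:
        return "suspicious"
    return "ok"


# Constructed sample posts; the lookalike host uses the reserved .example TLD.
SAMPLE_POSTS = [
    ("I can\u2019t believe he\u2019s gone. I\u2019m gonna miss him so much",
     ["https://facebook.com.video-share.example/watch"]),
    ("Great game last night!", ["https://www.facebook.com/events/123"]),
    ("I'm gonna miss him so much", []),
]

if __name__ == "__main__":
    for text, links in SAMPLE_POSTS:
        print(classify_post(text, links), "<-", text)
```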

The insidious nature of this scam lies in its ability to exploit compromised accounts to further disseminate the scheme across the victim’s network. Although the scam is not entirely new, having made its debut approximately a year ago, it continues to persist with a recent resurgence. Just last week, I encountered this phishing attempt in the wild when an acquaintance’s account shared the Facebook redirect variant of the deceptive message.