The deceptive Facebook phishing campaign using the emotionally charged phrase “I can’t believe he is gone. I’m gonna miss him so much,” is currently exploiting users’ trust, leading them to a malicious website designed to hijack Facebook credentials. This ongoing scam has become widespread on Facebook, utilizing accounts compromised by threat actors to expand its reach and ensnare more victims.
This phishing attack, leveraging the guise of friend’s hacked accounts, presents an added layer of credibility, making the scam more effective. The familiarity of seeing such a post from a friend increases the likelihood of unsuspecting users falling prey to the scam.
The campaign, which began about a year ago, has proven challenging for Facebook to contain. Despite efforts to deactivate the redirect links in these posts once they are reported, the campaign persists, indicating the sophistication and persistence of the threat actors behind it. The phrase “I can’t believe he is gone” serves as a potent emotional trigger, drawing users into the scam’s web.
How does “I can’t believe he is gone” scam work?
The ongoing Facebook phishing campaign, marked by the poignant message “I can’t believe he is gone. I’m gonna miss him so much,” utilizes two distinct approaches to ensnare users. One variant of the scam includes a simple Facebook redirect link, while the other presents a seemingly authentic BBC News video of a car accident or a crime scene.
Investigations into these phishing posts revealed that the links lead to different sites based on the device used. For mobile Facebook app users, clicking the link redirects to a fabricated news site called ‘NewsAmericaVideos’. This site prompts users to enter their Facebook credentials under the guise of identity confirmation to view a blurred video, which is, in reality, just an image sourced from Discord.
Should users input their Facebook credentials, these are immediately captured by the threat actors, and the user is then redirected to Google. The exact purpose of collecting these credentials is unclear, but it’s evident they are used to perpetuate the scam by posting similar phishing messages through the hacked accounts.
On desktop computers, the phishing sites exhibit different behavior, often redirecting users to Google or leading them to other scams involving VPN apps, browser extensions, or affiliate sites.
This phishing scam’s reach is extensive, with daily creation of numerous deceptive posts by individuals whose accounts have been compromised by the same scheme. Given that this attack does not target two-factor authentication (2FA) tokens, Facebook users are strongly advised to enable 2FA.
This additional security layer requires a unique one-time passcode for login attempts from unrecognized locations. Thus, even if credentials are compromised, unauthorized access is significantly hindered, as the unique codes remain with the legitimate user.
What does phising mean?
Phishing is a prevalent form of cybercrime where attackers masquerade as trustworthy entities to deceive individuals into providing sensitive data. This malicious activity can take various forms, and understanding its nature is crucial for digital safety.
1. The basics of phishing
At its core, phishing involves tricking people into divulging personal information, such as login credentials, credit card numbers, or social security details. Attackers typically use email, social media, or text messages to lure victims with seemingly legitimate requests or alarming statements. For instance, the Facebook phishing scam using the emotionally charged phrase “I can’t believe he is gone. I’m gonna miss him so much” cleverly plays on human emotions to prompt action.
2. Common phishing techniques
Phishing attacks come in several forms. Email phishing, the most common type, involves sending fraudulent emails that mimic real communications from trusted organizations. Spear phishing targets specific individuals or companies, while whaling focuses on high-profile targets like executives. The Facebook scam, a classic case of social media phishing, utilizes familiar platforms to spread deceitful messages.
3. The dangers of phishing
Phishing poses significant risks as it can lead to financial loss, identity theft, and unauthorized access to sensitive systems. In cases like the “I can’t believe he is gone” phishing campaign on Facebook, personal accounts can be hijacked, leading to further spread of the scam and potential data breaches.
Featured image credit: Kerem Gülen/Midjourney