January 21, 2024 at 03:15PM
A widespread and ongoing Facebook phishing campaign uses hacked accounts to post convincing messages, leading users to a website that steals their Facebook credentials. The posts appear genuine and lead to fake news sites prompting users to enter their credentials. The stolen accounts are then used to continue spreading the phishing posts. Enabling two-factor authentication is strongly advised for protection.
The meeting notes indicate an ongoing Facebook phishing campaign that aims to steal users’ credentials by luring them to fake websites through their friends’ hacked accounts. The phishing posts come in various forms, including one stating “I can’t believe he is gone. I’m gonna miss him so much” and contain a Facebook redirect link. When clicked, these links lead to different sites depending on the device used, prompting visitors to enter their Facebook credentials to watch a fake video and subsequently stealing their information. The scam is widely spread and continues to be posted daily, even though Facebook deactivates the links in reported posts. It is strongly recommended for Facebook users to enable two-factor authentication (2FA) to enhance the security of their accounts and prevent unauthorized access, especially in case of falling for such phishing scams. Using an authentication app for 2FA is preferable to SMS texts to prevent potential SIM swapping attacks.