Facebook phishing schemes are nothing new. Social media platforms in general are rife with scammers looking to prey on vulnerable users via account hijacking. BleepingComputer recently reported a Facebook scheme that’s been running rampant for several months.

Threat actors utilize hacked accounts to post deceptive links in an attempt to dupe the account's friends and followers. What are the specifics you need to watch out for and how can you keep your Facebook profile safe from scammers and hackers?

The Scam

Threat actors use compromised accounts to share links to fabricated articles suggesting someone is in trouble, dead, or involved in some other perilous situation.

Leveraging the trust associated with a friend's account, these malicious posts often include captions like “I can't believe he is gone.” or “Did you see what happened?”, designed to manipulate users into clicking on the provided links.

Once users click on the links, they are directed to phishing sites that prompt them to enter their Facebook credentials, supposedly to view the related articles and/or videos. The deceptive tactic involves displaying what seems to be blurred-out content in the background. In reality, it's merely an image downloaded from Discord or another site. Falling victim to this ploy lets threat actors steal the user's credentials while redirecting them, and the newly compromised Facebook account is then used to spread more links, perpetuating the scheme.
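The check that defeats this flow is reading the real host of any page that asks for a Facebook login. The sketch below is an added example, not code from the original article or from Facebook; it assumes genuine login pages live on facebook.com or its subdomains, and the function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: genuine Facebook login pages are served over
# HTTPS from facebook.com or one of its subdomains.
TRUSTED_DOMAIN = "facebook.com"

# Lure captions quoted in the article, lowercased for matching.
LURE_CAPTIONS = ("i can't believe he is gone", "did you see what happened")


def is_facebook_host(url: str) -> bool:
    """True only if the URL is HTTPS and its host is facebook.com or a subdomain."""
    parts = urlsplit(url.strip())
    # .hostname drops any "user@" prefix and port, so a URL such as
    # https://facebook.com@login.example/ resolves to login.example.
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https" or not host:
        return False
    # Match on a label boundary: "facebook.com.login.example" and
    # "notfacebook.com" must both fail.
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def triage_post(caption: str, link: str) -> str:
    """Label a shared post: 'facebook', 'external', or 'suspicious-lure'."""
    if is_facebook_host(link):
        return "facebook"
    text = caption.lower().replace("\u2019", "'")  # normalise curly apostrophes
    if any(phrase in text for phrase in LURE_CAPTIONS):
        return "suspicious-lure"  # emotional bait plus an off-site link
    return "external"


if __name__ == "__main__":
    # Constructed sample posts; the .example hosts are placeholders.
    samples = [
        ("I can't believe he is gone.", "https://facebook.com.login.example/video"),
        ("Did you see what happened?", "https://facebook.com@login.example/video"),
        ("Did you see what happened?", "https://www.facebook.com/watch"),
        ("New recipe on the blog", "https://news.example/recipe"),
    ]
    for caption, link in samples:
        print(f"{triage_post(caption, link):16} {link}")
```

An "external" result is not a verdict on the link; it only means the page is not Facebook, so a Facebook login prompt appearing there should not be trusted.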

The Impact

Friends and family of compromised account holders continue to unwittingly share these deceptive links, becoming victims of the same scam themselves. This creates a never-ending cycle of account compromise and can lead to more dire consequences if a hacker sends a direct message from a compromised account to obtain more privileged private information or gleans information from within the account itself.

Multi-Factor Authentication (MFA)

Taking proactive measures to secure your Facebook account is a great place to start. Enabling multi-factor authentication (MFA) provides an additional layer of defense against phishing attacks in the event your login credentials become compromised. While this particular scam does not attempt to steal two-factor authentication (2FA) tokens, it is strongly recommended to enable 2FA as an added security measure.

How 2FA Safeguards Your Account

Once 2FA is enabled, Facebook prompts users to enter a unique, one-time passcode each time their credentials are used to log in from an unknown location. Since only the account owner has access to these codes, even if login credentials are compromised, unauthorized access is avoided.

The Importance of Vigilance

Despite the effectiveness of 2FA, it's crucial to remain vigilant and stay aware of threats targeting you and your information. Some phishing attacks may attempt to trick users into entering their 2FA codes as well. Be on the lookout for the next iteration waiting in the wings! Staying informed and skeptical of suspicious links, posts, and requests adds an extra layer of protection.

The Bottom Line

Staying ahead of phishing scams is becoming increasingly difficult with such a high volume of schemes flooding our digital landscape daily. Safeguarding your online presence has never been more challenging.

The recent Facebook phishing scam underscores the importance of not only recognizing these tactics but also taking proactive steps, such as enabling multi-factor authentication, to fortify your defenses against malicious actors.

Stay informed, stay vigilant, and keep your online accounts secure! When in doubt, don’t click or reshare any posts or provide any information, including login credentials.