Security
Headlines
HeadlinesLatestCVEs

Headline

“I’ll miss him so much” Facebook scam uses BBC branding to lure victims

We found a Facebook scam that aims to redirect victims to sites promoting PUPs, adware, or other fraudulent sites.

Malwarebytes
#vulnerability#web#ios

Facebook scams are a constant nuisance and vary from like-farming to scams that can cost you some serious money. The latest one we found is a bit morbid.

Recently, I’ve seen quite a few posts on my timeline that looked like this:

Without going into details the post says:

“I can’t believe he’s gone. I’ll miss him so much”

In all the posts I’ve seen, one of my Facebook friends was tagged. When I noticed that happen to two friends that do not know each other, the post did what it was intended to do, trigger my curiosity.

When you follow the posted link, which is a Facebook permalink to a post made by what is probably a compromised account, you’ll see a fake BBC news item about a fatal road accident. The permalink of any post on Facebook is hidden under its time stamp and can be used to share content on or outside of Facebook.

This post features a slightly different text: “I can’t believe this, I’m going to miss him so much”

The BBC news logo in the picture and the BBCNEWS part of the URL are obviously intended to gain your trust, and suggest that it’s safe to play the video.

In reality you will be redirected to the link displayed directly below the movie. We found several variations of that URL. All composed like this “BBCNEWS-{6 characters}.OMH4.XYZ”

Clicking the play button takes you through several redirects, very likely to perform fingerprinting, where sites gather information about your browser, your location, and other sites you’ve visited. The scammers do this to make sure you are redirected to a site that is likely to generate the most profit from people fitting your profile.

During my testing, I was not logged in on Facebook and surfing from a Dutch IP address, I ended up at polo[.]thegadgetguru[.]club which was unreachable at the time of writing. However, our archives show it’s a known source of pop-ups and has been for at least two years. These pop-ups can lead visitors to potentially unwanted programs, adware, and fraudulent sites.

It’s very likely that changing my IP address to a different location with a VPN and logging in to Facebook will change the outcome of the redirects, but I’m pretty sure none of them will be up to any good.

How to avoid Facebook scams

In this case I was able to spot the scam because it made me suspicious that two unrelated friends might be tagged in a similar post. But there are some other pointers to help you spot Facebook scams.

  • Scrutinize URLs closely. Not every scam campaign is sophisticated or difficult to spot. Start with the URL – if it’s obviously not for the website in question then step away.
  • Reach out to friends and family outside of Facebook or Instagram. If you’re not sure if a message is from the person it says it’s from, give them a call or send them a text message to check they really did send it.
  • Be wary of “free” stuff. Sure, free things are nice—but they shouldn’t cost you anything, and that includes your personal details or a small amount of money that you must pay first. If you see a giveaway doing the rounds on Facebook, go to that company’s official webpage to verify it, or give them a call.
  • Update your browser regularly. This keeps new vulnerabilities at bay, and is another layer of protection you can depend on.
  • Change your login credentials if you think your account may be compromised. And if you’ve used the same password on other sites, change them.
  • Install browser protection, like Malwarebytes Browser Guard, which can alert you to scams and other nasties in the browser.
  • If you’ve decided you’ve had it with Facebook you may like this post on how to deactivate or delete your Facebook account.

Report any posts you may find that are suspicious, scammy, illegal, or downright harmful to other Facebook users’ wellbeing. You can find this feature by clicking in the upper right hand corner of the Facebook post in question and picking either “Report post” or “Report photo”.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Malwarebytes: Latest News

Spotify, Audible, and Amazon used to push dodgy forex trading sites and more