Tag Archive for: facebook

Urgent warning to Facebook users over ‘I can’t believe he’s gone’ scam that tricks you into downloading malware


  • Scammers use fake news articles to trick Facebook users into following links
  • Experts say pay close attention to the link URL to avoid downloading malware  



Cybersecurity experts have issued an urgent warning to Facebook users over a new scam that they’ve coined the ‘I can’t believe he’s gone’ scam.

This emotionally manipulative scam tricks users into downloading malware, with posts featuring fake BBC branding, and implying that a loved one has died. 

Clicking on the linked post will bring users to a compromised site designed to harvest their personal information.

Marijus Briedis, cybersecurity expert at NordVPN, said: ‘When you come across unexpected or alarming posts, especially those about personal emergencies, take a moment to verify their legitimacy before clicking any links.’ 

Here are the key signs to look out for to make sure you don’t fall victim to the scam. 


The ‘I can’t believe he’s gone scam’ was first highlighted by cybersecurity researcher Pieter Arntz from Malwarebytes.

As Mr Arntz explained in a blog post, the scam consists of a post containing some variation of ‘I can’t believe he’s gone. I’ll miss him so much’ and a link.

If you follow the link, you will be brought to another Facebook post showing what appears to be a BBC news article about a fatal road accident. 

This post will also contain slightly different text to the original, saying: ‘I can’t believe this, I’m going to miss him so much’.

But while this post might appear legitimate at first glance, this is actually a fake link to a malicious website.

Mr Arntz writes: ‘The BBC news logo in the picture and the BBCNEWS part of the URL are…

Source…

Scam Alert: Fake obituary links on Facebook can lead to malware, virus – 11Alive.com WXIA




Source…

NSFW Facebook ads being used to spread dangerous malware — don’t click on these


Hackers have devised a clever new way to trick unsuspecting Facebook users into downloading malware on their computers.

While having your Facebook hacked is bad enough as it is, a new campaign discovered by Bitdefender uses compromised Facebook Business accounts to deliver the NodeStealer malware. 

Source…

Salesforce Zero-Day Exploited to Phish Facebook Credentials


Attackers were recently spotted exploiting a zero-day flaw in Salesforce’s email and SMTP services in a sophisticated phishing campaign aimed at stealing credentials from Facebook users.

Guardio researchers detected cyberattackers sending targeted phishing emails with @salesforce.com addresses using the legitimate Salesforce infrastructure. An investigation revealed that they were able to exploit a Salesforce email-validation flaw to hide behind the domain’s trusted status with users and email protections alike.

The sender of the emails claimed to be “Meta Platforms,” and the messages included legitimate links to the Facebook platform, further bolstering legitimacy.

“It’s a no-brainer why we’ve seen this email slipping through traditional anti-spam and anti-phishing mechanisms,” Guardio Labs’ Oleg Zaytsev and Nati Tal noted in the post. “It includes legit links (to facebook.com) and is sent from a legit email address of @salesforce.com, one of the world’s leading CRM providers.”

The messages directed recipients via a button to a legitimate Facebook domain, apps.facebook.com, where content has been altered to inform them that they’d violated Facebook’s terms of service. From there, another button led to a phishing page that collected personal details, including full name, account name, email address, phone number, and password.

Nonetheless, “there is no evidence of impact to customer data,” Salesforce told Guardio. The flaw, meanwhile, has been fixed.

Abuse of Discontinued Facebook Games

On the Facebook side, attackers abused apps.facebook.com by creating a Web app game, which allows customized canvases. Facebook has discontinued the ability to create legacy game canvases, but existing games that were developed prior to the end of the feature were grandfathered in. It appears that malicious actors abused access to these accounts, the researchers said.

In doing this, they could “insert malicious domain content directly into the Facebook platform — presenting a phishing kit designed specifically to steal Facebook accounts including two-factor authentication (2FA) mechanism bypasses,” the researchers said, adding that Facebook parent Meta “quickly removed the…

Source…