I Can't Believe My Credentials Are Gone

This Facebook phishing scam starts with a post from a friend that says, “I can’t believe he is gone. I’m gonna miss him so much.” The post contains a link to a news article or video, but when you click the link, you are taken to a web page that prompts you to log in to Facebook. If you enter your information, you are taken to an unrelated page. No news article exists, but scammers have just stolen your Facebook credentials using a phishing attack.

Scammers use compromised Facebook accounts to post these “I can’t believe he is gone” phishing links. The posts appear to come from your friends and family, which makes this phishing attack very convincing. If you fall for their tricks, scammers can then use your Facebook account to post the same message to your friends and family.

Follow these tips to avoid falling victim to a Facebook phishing attack:

  • When possible, use multi-factor authentication (MFA) as an added layer of security for your accounts. The MFA will prompt you to provide additional verification before logging in, making it more difficult for scammers to compromise your account.
  • A post from a friend may seem trustworthy, but their account could be compromised. Reach out to your friend over the phone or text to verify that their post was legitimate.
  • Remember, this type of phishing attack isn’t exclusive to Facebook. Scammers could use this type of attack on any social media platform.

Never be embarrassed if you think you may have clicked on something harmful, or if you’re unsure if a message, call, or email is legitimate! 

Please report it to phish@appstate.edu.