If you are on Facebook, you’ve probably seen a post tagging people you know stating “I can’t believe he is gone. I’m gonna miss him so much.” The post contains a link to a news article or video, but when you click the link, you are taken to a web page that prompts you to log in to Facebook. If you enter your information, you are taken to an unrelated page. No news article exists, but scammers have just stolen your Facebook credentials using a phishing attack. Then they turn around and use those credentials to send that fake post to your family and friends, hoping to get their credentials.
Why? Because people reuse passwords, a stolen password from Facebook can also mean access to banking information or other personal sites. Also, access to your Facebook account will give someone a lot of personal information about you, where you live, who your friends are, and even where you went to high school. That’s a lot of information that is useful in identity theft.
Follow these tips to avoid falling victim to a Facebook phishing attack:
- When possible, use multi-factor authentication (MFA) as an added layer of security for your accounts. The MFA will prompt you to provide additional verification before logging in, making it more difficult for scammers to compromise your account.
- A post from a friend may seem trustworthy, but their account could be compromised. Reach out to your friend over the phone or text to verify that their post was legitimate.
Remember, this type of phishing attack isn’t exclusive to Facebook. Scammers could use this type of attack on any social media platform.