People often use Facebook to keep up with people they know. So if they get a message through Facebook Messenger that says “Look who died, in an accident,” they are likely to click on the accompanying link.
Security experts say that’s when the trouble begins because no one died in an accident, it’s just a new phishing scam.
Experts at Data Prot say victims may think they are clicking on the link to a news story but they instead download malware onto their device and have their login information stolen.
One of the apparent objectives is to get inside the victim’s Facebook account because it may hold valuable information. There are often photos, conversations, and shopping data that can be sold on the dark web.
‘Large-scale scam’
“This is a large-scale scam that, unlike targeted attacks such as spear phishing, aims to affect as many people as possible,” Data Prot reported on its website. “It works by sending a malicious link to the victim with the message ‘Look who died.’ The message is typically sent from another friend’s profile that was previously infected with this virus.
Because the message appears to come from someone you know, your first instinct might be to believe it. The "accident victim" might be a celebrity or someone you know.
For that reason, links in any Facebook message should be approached carefully. If you have the email address or phone number of the “friend” whose name is on the message, contact them directly and not through the Facebook app.
By clicking on the link, victims are working for the scammers by recruiting more victims. The malware they download steals their username and password. Later, it spreads the link in messages to the victim’s other Facebook friends.