Facebook scams are a constant nuisance and vary from like-farming to scams that can cost you some serious money. The latest one we found is a bit morbid.
Recently, I’ve seen quite a few posts on my timeline that looked like this:
Without going into details the post says:
> “I can’t believe he’s gone. I’ll miss him so much”
In all the posts I've seen, one of my Facebook friends was tagged. When I noticed that happen to two friends that do not know each other, the post did what it was intended to do, trigger my curiosity.
When you follow the posted link, which is a Facebook permalink to a post made by what is probably a compromised account, you’ll see a fake BBC news item about a fatal road accident. The permalink of any post on Facebook is hidden under its time stamp and can be used to share content on or outside of Facebook.
This post features a slightly different text: “I can’t believe this, I’m going to miss him so much”
The BBC news logo in the picture and the BBCNEWS part of the URL are obviously intended to gain your trust, and suggest that it’s safe to play the video.
In reality you will be redirected to the link displayed directly below the movie. We found several variations of that URL. All composed like this “BBCNEWS-{6 characters}.OMH4.XYZ”
Clicking the play button takes you through several redirects, very likely to perform fingerprinting, where sites gather information about your browser, your location, and other sites you’ve visited. The scammers do this to make sure you are redirected to a site that is likely to generate the most profit from people fitting your profile.
During my testing, I was not logged in on Facebook and surfing from a Dutch IP address, I ended up at polo[.]thegadgetguru[.]club which was unreachable at the time of writing. However, our archives show it’s a known source of pop-ups and has been for at least two years. These pop-ups can lead visitors to potentially unwanted programs, adware, and fraudulent sites.
It's very likely that changing my IP address to a different location with a VPN and logging in to Facebook will change the outcome of the redirects, but I’m pretty sure none of them will be up to any good.
In this case I was able to spot the scam because it made me suspicious that two unrelated friends might be tagged in a similar post. But there are some other pointers to help you spot Facebook scams.
Report any posts you may find that are suspicious, scammy, illegal, or downright harmful to other Facebook users’ wellbeing. You can find this feature by clicking in the upper right hand corner of the Facebook post in question and picking either “Report post” or “Report photo”.
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.