“I can’t believe he’s gone. I’m gonna miss him so much.”
If you see a post on Facebook with these words (or even in this vein), watch out—your friend’s account is being used to spread a phishing scam.
Here’s how it works: An attacker steals an account. Then they post this vague but worrisome message, along with a website link that looks legitimate. (It’s usually an URL that starts with the Facebook domain or looks like an embedded video from BBC News.) The link redirects to a phony site that asks for your Facebook login info to proceed. If you enter it, the page captures your credentials. Afterward, you’re redirected yet again—计算机, which reported on this issue earlier this week, says mobile users get punted to Google, while those on a desktop PC get pushed off to other scummy websites promoting browser extensions, VPNs, or affiliate sites.
If your Facebook account gets taken over, your account gets used to spread this scheme to your network.
While this particular scam isn’t new—its initial appearance was about a year ago, according to Bleeping Computer—it still has fresh legs. I spotted this phishing attempt in the wild just last week when an acquaintance’s account posted the Facebook redirect variant of the message.
计算机
To protect yourself from this campaign (and any others that rely on a compromised password), you can take a few steps. First, if you think you’ve fallen for one of these bad links, change your password as soon as possible. Pick one that’s strong, unique, and random—you can use a 密码管理器 to generate and store it.
接下来,启用 双因素认证(2FA) on your account. It adds a second layer to the login process, in which you have to enter a six-digit code or use a hardware token in addition to your password. More secure forms of 2FA (software tokens or a hardware key) should stop would-be hackers in their tracks since they won’t have access to the app generating the tokens or the hardware key. (Note: 2FA codes sent over SMS are riskier, since an attacker could hijack your phone number to get those text messages routed to them.)
最后,您可以使用 防病毒程序 or browser extension that detects and blocks malicious links. It’s not foolproof, but it adds to your overall safety net. Online security is about layers—having more than just a password helps safeguard you more thoroughly.
- :具有
- :是
- :不是
- 1
- 2024
- 2FA
- 50
- a
- 关于
- ACCESS
- 根据
- 账号管理
- 增加
- 添加
- 联盟
- 前
- 沿
- an
- 和
- 杀毒软件
- 任何
- 应用
- 保健
- AS
- 尝试
- 认证
- 坏
- 英国广播公司
- 作为
- 相信
- BleepingComputer
- 吹氣梢
- 浏览器
- 但是
- by
- 营销活动
- CAN
- 捕获
- 更改
- 码
- 代码
- 妥协
- 一台
- 可以
- 资历
- 通过电脑捐款
- 域
- 此前
- 嵌入式
- enable
- 输入
- 甚至
- 延期
- 扩展
- 堕落
- 少数
- (名字)
- 针对
- 形式
- 新鲜
- 止
- 生成
- 发电
- 得到
- 走了
- 谷歌
- 黑客
- 硬件
- 有
- 帮助
- 劫持
- 他
- 创新中心
- HTML
- HTTPS
- i
- if
- 说明
- in
- info
- 初始
- 问题
- IT
- 一月三十一日
- 只是
- 键
- (姓氏)
- 层
- 合法
- 腿
- 喜欢
- 友情链接
- 链接
- 登录
- LOOKS
- 恶意
- 的话
- 条未读消息
- 错过
- 联络号码
- 更多
- 许多
- 净
- 网络
- 消息
- 注意
- of
- 折扣
- on
- 一
- 在线
- 在线安全
- or
- 其他名称
- 其它
- 超过
- 最划算
- 页
- 特别
- 密码
- PC
- 钓鱼
- 钓鱼诈骗
- 电话
- 假
- 挑
- 柏拉图
- 柏拉图数据智能
- 柏拉图数据
- 可能
- 帖子
- 发布
- 继续
- 过程
- 促进
- 保护
- 重定向
- 依靠
- 报道
- 实现安全
- 说
- 诈骗
- 方案
- 截图
- 其次
- 安全
- 保安
- 看到
- 发送
- 应该
- 自
- 网站
- 网站
- 短信
- So
- 软件
- 不久
- 传播
- 启动
- 抢断
- 步骤
- 仍
- Stop 停止
- 商店
- 强烈
- 采取
- 拍摄
- 文本
- 比
- 这
- 其
- 他们
- 然后
- 博曼
- 他们
- 认为
- Free Introduction
- 本星期
- 透
- 那些
- 至
- 象征
- 令牌
- 轨道
- 二
- 独特
- 网址
- 使用
- 用过的
- 用户
- 平时
- 变种
- 视频
- VPN的
- 希望
- 是
- 了解
- 您的网站
- 网站
- 周
- ,尤其是
- 这
- 而
- 维基百科上的数据
- Wild!!!
- 话
- 合作
- 年
- 但
- 您
- 您一站式解决方案
- 你自己
- 和风网