Beware of “I can’t believe he is gone” Facebook phishing posts

The Malawi Computer Emergency Response Team (Malawi CERT)warns about a widespread Facebook phishing campaign stating, “I can’t believe he is gone. I’m gonna miss him so much,” leads unsuspecting users to a website that steals your Facebook credentials. The Facebook phishing posts come in two forms, with one simply stating, “I can’t believe he is gone. I’m gonna miss him so much,” and containing a Facebook redirect link.

Clicking on the link from the Facebook app on a mobile device will bring visitors to a fake news site called ‘NewsAmericaVideos’ that prompts them to enter their Facebook credentials to confirm their identity and watch the video. If you enter your Facebook credentials, the threat actors will steal them, and the site will redirect you to Google.

This phishing attack is ongoing and widely spread on Facebook through friend’s hacked accounts, as the threat actors build a massive army of stolen accounts for use in further scams on the social media platform. As the posts come from your friends’ hacked accounts, they look more convincing and trustworthy, leading many to fall for the scam.

The phishing campaign started around a year ago, with Facebook having trouble blocking the posts as they continue to this day. However, when new posts are created and reported, Facebook deactivates the redirect link in the post so that they no longer work.

Scroll to Top
Skip to content