Facebook is no stranger to chain messages and other kinds of spam, which frequently circulate on the platform. Sometimes, that spam is particularly harmful, spreading phishing links and malicious software.
One such message spreading in January 2024 appears to mourn someone’s death. While the exact text varies, the post typically says something along the lines of “I can't believe he’s gone. I'll miss him so much” followed by crying emojis and a link to another Facebook post. Usually, multiple people are tagged in the post, likely making them wonder if someone really died or if they’re the target of a scam.
THE QUESTION
Are “I can’t believe he’s gone” and “look who died” Facebook posts scams?
THE SOURCES
Malwarebytes, a cybersecurity company that operates antivirus software
DataProt, a cybersecurity product review website
THE ANSWER
Yes, the “I can’t believe he’s gone” and “look who died” Facebook posts are scams.
WHAT WE FOUND
The “I can’t believe he’s gone” and “look who died” Facebook posts are examples of phishing scams, which use links to collect personal information from the victim, or spread malicious software.
Hackers typically gain access to a person’s Facebook account or make a clone of their account to post a vague message about someone’s death with a link to another Facebook post. That second Facebook post contains a link meant to look like a legitimate news article about some kind of tragic accident.
A researcher for Malwarebytes, a cybersecurity company that operates antivirus software, found one such post included a link imitating a BBC news article about a car accident.
The post’s link preview is where you can spot the first major red flag: While the URL starts with “BBCNEWS,” it’s followed by a random assortment of characters and ends with “.xyz.” The real BBC’s URL is simply www.bbc.com. This type of falsified link is often indicative of a scam.
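The red flag described above can be checked mechanically. The following is an added example, not code from Malwarebytes, DataProt or the original article: it flags a link whose hostname contains a brand name but does not sit under a domain that brand actually uses. The allowlist contents and the sample lookalike URL are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: a small allowlist of brand token -> domains the brand really uses.
BRAND_DOMAINS = {"bbc": {"bbc.com", "bbc.co.uk"}}

# Constructed sample in the shape the article describes: starts with
# "BBCNEWS", then arbitrary characters, then ".xyz". Not a real observed URL.
SAMPLE_LOOKALIKE = "https://BBCNEWS-zq4x7k-constructed.xyz/car-accident"


def host_of(url):
    """Return the lowercase hostname, tolerating links pasted without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it.

    The leading dot matters: "notbbc.com" ends with "bbc.com" but is unrelated.
    """
    return host == domain or host.endswith("." + domain)


def check_link(url, brands=BRAND_DOMAINS):
    """Return (brand, reason) findings for a link; an empty list means no flag.

    This is a heuristic: a hostname that merely contains the letters of a
    brand is also flagged and needs a human look.
    """
    host = host_of(url)
    findings = []
    for brand, domains in brands.items():
        if brand in host and not any(belongs_to(host, d) for d in domains):
            findings.append(
                (brand, f"{brand!r} appears in {host!r}, outside {sorted(domains)}")
            )
    return findings


if __name__ == "__main__":
    for link in (SAMPLE_LOOKALIKE, "https://www.bbc.com/news", "www.bbc.co.uk"):
        print(link, "->", check_link(link) or "no flag")
```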
Malwarebytes said that clicking on the URL takes the victim through several redirects, likely to gather information about them, like their location or what browser they use, before choosing a final website to send them to. The Malwarebytes researcher ended up at a site with pop-ups; those pop-ups can lead to visitors unintentionally downloading malicious software onto their device, compromising their privacy and security.
In July 2023, DataProt, a website that reviews cybersecurity products, issued a warning about a similar message spreading on Facebook. The posts or messages said “look who died” and included a link to a fake news article apparently about the death of someone the victim may know.
DataProt warned that these fake news articles were phishing links capable of stealing login information or installing malware onto victims’ devices.
On Reddit, people have reported that after they clicked the link themselves, scammers used their accounts to spread the malicious link.
If you have clicked on one of these links or believe your Facebook account may be compromised, Malwarebytes and DataProt recommend going into your Facebook settings, logging out of locations you don’t recognize or even all locations, changing your password and setting up two-factor authentication if you don’t already have it. You should also run a virus scan on your device.
You can log out of locations you don’t recognize by going to your Facebook account’s settings and clicking on Meta’s Accounts Center. Once there, you can click on “Password and security” and then “Where you’re logged in.” That should bring up a menu that will allow you to check which devices have logged into your account, and let you log out of any you don’t recognize.
It’s also a good idea to report the scam to Facebook and change the password of any online account that may use the same password as your Facebook account.