Facebook users targeted with “I’ll miss him so much” scam


The Facebook-oriented scam abuses users’ sense of grief and incorporates BBC branding to attract victims.

A novel Facebook scam is attempting phishing attacks on social media users by tricking them into clicking a link that supposedly displays somebody’s loss, a recent report from Malwarebytes says.

The post says, “I can’t believe he’s gone. I’ll miss him so much,” and displays a Facebook permalink, which leads to another post, displaying a fake BBC news titled “Fatal road accident on the highway takes several lives.”

As Reddit user Ggrenley pointed out, attackers stole a relative’s Facebook account and started tagging the account owners’ friends in a post discussing the supposed loss.

To get potential victims to let their guard down, the fake news story has a BBC logo, and the malicious link supposedly starts with BBCNEWS.

“In reality, you will be redirected to the link displayed directly below the movie. We found several variations of that URL. All composed like this “BBCNEWS-{6 characters}.OMH4.XYZ”,” the report says.

The malicious link takes victims through several redirects, likely gathering locations and browser information in the process. Researchers surmise that this is done to collect the most possible data so that the final destination would match the user profile the best.

During the initial test, researchers landed on a website well-known for flooding users with malicious pop-ups that often lead users to malicious websites.

Scammers often farm Facebook users for data and credentials. Cybernews recently wrote about a scam where hackers sent fake copyright infringement notices to Facebook users to steal their credentials.

The phishing attack primarily targeted organization accounts, whose users would receive fake copyright infringement notices threatening to terminate their pages – unless they immediately take action.

Security professionals advise users to always inspect a link by hovering over it before clicking and double-checking sender addresses to avoid getting duped.