{"id":23720,"date":"2024-01-16T04:10:25","date_gmt":"2024-01-16T12:10:25","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/01\/16\/news-17450\/"},"modified":"2024-01-16T04:10:25","modified_gmt":"2024-01-16T12:10:25","slug":"news-17450","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/01\/16\/news-17450\/","title":{"rendered":"\u201cI’ll miss him so much\u201d Facebook scam uses BBC branding to lure victims"},"content":{"rendered":"\n

Facebook scams are a constant nuisance and vary from like-farming<\/a> to scams that can cost you some serious money. The latest one we found is a bit morbid.<\/p>\n

Recently, I\u2019ve seen quite a few posts on my timeline that looked like this:<\/p>\n

\"I<\/figure>\n

Without going into details the post says:<\/p>\n

\n

\u201cI can\u2019t believe he\u2019s gone. I\u2019ll miss him so much\u201d<\/p>\n<\/blockquote>\n

In all the posts I’ve seen, one of my Facebook friends was tagged. When I noticed that happen to two friends that do not know each other, the post did what it was intended to do, trigger my curiosity.<\/p>\n

When you follow the posted link, which is a Facebook permalink to a post made by what is probably a compromised account, you\u2019ll see a fake BBC news item about a fatal road accident. The permalink of any post on Facebook is hidden under its time stamp and can be used to share content on or outside of Facebook.<\/p>\n

This post features a slightly different text: \u201cI can\u2019t believe this, I\u2019m going to miss him so much\u201d<\/p>\n

\"I<\/figure>\n

The BBC news logo in the picture and the BBCNEWS part of the URL are obviously intended to gain your trust, and suggest that it\u2019s safe to play the video.<\/p>\n

In reality you will be redirected to the link displayed directly below the movie. We found several variations of that URL. All composed like this \u201cBBCNEWS-{6 characters}.OMH4.XYZ\u201d<\/p>\n

Clicking the play button takes you through several redirects, very likely to perform fingerprinting, where sites gather information about your browser, your location, and other sites you\u2019ve visited. The scammers do this to make sure you are redirected to a site that is likely to generate the most profit from people fitting your profile.<\/p>\n

During my testing, I was not logged in on Facebook and surfing from a Dutch IP address, I ended up at polo[.]thegadgetguru[.]club which was unreachable at the time of writing. However, our archives<\/a> show it\u2019s a known source of pop-ups and has been for at least two years. These pop-ups can lead visitors to potentially unwanted programs<\/a>, adware<\/a>, and fraudulent sites.<\/p>\n

\"\"<\/figure>\n

It’s very likely that changing my IP address to a different location with a VPN and logging in to Facebook will change the outcome of the redirects, but I\u2019m pretty sure none of them will be up to any good.<\/p>\n

How to avoid Facebook scams<\/h2>\n

In this case I was able to spot the scam because it made me suspicious that two unrelated friends might be tagged in a similar post. But there are some other pointers to help you spot Facebook scams.<\/p>\n