INDIANAPOLIS — Cyber security experts are warning about a Facebook direct message hacking scam that is quickly spreading across the social media platform.

It’s called the “look who died” phishing scam, and it’s aimed at gaining access to your Facebook account.

It starts with a direct Facebook message that appears to be from someone you know.  The message says “look who died” and contains a link to what appears to be an article about an accident that killed someone you know or possibly a celebrity.  If you click on the link, it won’t take you to a news article, but it will download malware onto your phone or computer that gives the hackers access to your Facebook login information.

Cyber crooks love getting into Facebook accounts because they often contain information like shopping history and photos that can be sold on the dark web.  Accessing your account also means they can spread the phishing scam by sending messages from your account to other Facebook users on your friends list.

If you are tricked by the scam and end up clicking on the bogus link, Data Prot has a detailed list of things you should do immediately:

  • Firstly, make sure you’re not locked out of your account. If your password hasn’t been changed, there are things you can do to mitigate the damage. To start, immediately change the password yourself, so the hacker can no longer log into your account. 
  • After you’ve changed your password, report this problem to Facebook. This is important because the company is constantly tracking activities like this, and reports can help Facebook eliminate it and stop it from happening to someone else. 
  • Head to security settings and log out of any locations or devices you don’t recognize. You can do that by clicking on the menu and choosing “not you?”
  • Do the same with apps. Any websites or apps that have permission to access your Facebook account should be reviewed. If there are any that you don’t recognize, remove them.
  • When you go to general settings, make sure to check the email addresses linked to your account. If there are any unknown ones, remove them as well. 
  • If you don’t have two-factor authentication, turn it on. This is an essential security measure for any online account you have these days, not just the one on Facebook. With two-factor authentication, you will be notified of each login attempt and only be able to log in with the information that you’ve received through SMS or an email.
  • Lastly, just in case, change your email password. Your email is the most important pillar in terms of your personal cybersecurity. Having multiple accounts compromised is far more likely if you lose access to your primary email address.
  • Scan your device using anti-malware software. Even if you think your messenger isn’t hacked, signs like your friends telling you they received strange links from you shouldn’t be ignored. 

In addition to reporting the scam to Facebook, it’s probably also a good idea to inform your Facebook friend that you got the bogus message from them, which means their account has been hacked.