Facebook phishing scam on the rise

Facebook Alert: “I Can’t Believe He’s Gone” Phishing Scam

Facebook users are being targeted by a widespread phishing campaign on the platform. This fake approach uses an emotional message: “I can’t believe he’s gone. I’m going to miss him so much,” to mislead innocent people. The goal of redirecting victims to a fake website is stealing their Facebook login credentials.

This phishing attack has spread significantly on Facebook, mostly using compromised accounts of friends. As cybercriminals get a large number of compromised accounts with the purpose of executing out more scams on the network, it poses a serious threat.

The continuous risk of a widespread phishing attack on Facebook is a major issue. This persistent and deceitful technique changes its tone and connections on a regular basis to avoid discovery. The posts seem more trustworthy but are more likely to be fraudulent because they are taken from your friends’ hacked accounts.

Scammers skilfully update the template post while keeping the same psychological hooks, which allows the “I can’t believe he’s gone” scam to consistently mislead vulnerable Facebook users.

Phishing Scam on Facebook
Phishing Scam on Facebook instance of “I Can’t Believe He’s Gone” (r/scam)

Facebook tries to fully stop this problem even with continuous attacks. Facebook responds to user reports of fake posts by deactivating the links that connect users to Facebook.com within the posts, making them unreachable.

Discovering the Mechanisms of the “I Can’t Believe He’s Gone” Scam

Scams like “I can’t believe he’s gone” come in two different forms. First, there is a short note that expresses grief and shock, along with a fake Facebook redirect link. The second version of the phishing attempt adds a further layer of deception by using the same text but adding a clear BBC News video showing a crime scene or vehicle accident.

Phishing scams using fake Facebook posts that say "I'll Miss Him"
Phishing scams using fake Facebook posts that say “I’ll Miss Him” (Bleepingcomputer)

Clicking on such links in the Facebook app on mobile devices may take users to the fake news site ‘NewsAmericaVideos.’ Users must enter their Facebook login information here to see the video and verify their account.

The malicious approach is to trick people into providing personal information or unintentionally installing malware. These fake sites give a threat since they may steal login information, personal data, or force users into subscribing to unwanted services.

Furthermore, the website uses misleading methods, showing what looks like a blurry video preview but reflects a picture taken from Discord.

Facebook Phishing page to trick users into Revealing Credentials
Facebook Phishing page to trick users into Revealing Credentials (Bleepingcomputer)

If you enter your Facebook login on this website, threat actors may steal the info and redirect you to Google. Using social engineering, the “I Can’t Believe He’s Gone” scam effectively attacks on people’s feelings and confidence.

Threat actors usually use the stolen credentials to spread phishing posts through hacked accounts. But they have more interests than just stealing login information. To make it easier identity theft and other sorts of fraud, victims may be forced into providing additional personal information using fraudulent strategies such as fake surveys or advertisements.

The scam maintains its fake nature throughout the process by tricking users again repeatedly again. It gives consumers fake confidence, enabling them to believe they are helping a friend or getting trustworthy data.

This approach aims to maintain user engagement by decreasing the possibility that they would doubt the truth of the information and expose them to potential risks.

The desktop experience on phishing pages leads to different behaviour. These fake sites link users to a variety of frauds, including those marketing VPN software, browser extensions, and affiliate sites.


Avoid dramatic news links with the phrase ‘I can’t believe he’s gone’ to prevent potential scams or misinformation. Scammers use these URLs, which frequently lead to malicious websites.

Facebook users are strongly advised to use two-factor authentication (2FA), even if this phishing attack does not target 2FA tokens. This extra layer of protection can prevent unauthorised access to accounts in a case of a phishing scam.

Monitor your social, financial, and email accounts closely for any unauthorised changes. Scammers may use hacked Facebook credentials to get access to associated accounts. To prevent unauthorised access, passwords should be updated on a regular basis.

Remain careful by keeping updated of the most recent internet frauds, including spoofs similar to the “I Can’t Believe He’s Gone” scam. Knowing what to look out for allows you to protect yourself from risk by recognising and avoiding similar approaches.

The most effective training, notably that on how to detect scams is provided by Phishing Tackle. Start your two-week free trial of Phishing Tackle security awareness training now to help your employees.

Recent posts