Provided by KnowBe4


Our friends at the security company KnowBe4 share details of a Facebook phishing scam that uses posts appearing to come from family and friends. Watch out so you don't get scammed.

The Facebook Phishing Scam

This Facebook phishing scam starts with a post from a friend that says, “I can’t believe he is gone. I’m gonna miss him so much.” The post contains a link to a news article or video, but when you click the link, you are taken to a web page that prompts you to log in to Facebook. If you enter your information, you are taken to an unrelated page. No news article exists, but scammers have just stolen your Facebook credentials using a phishing attack.

“Scammers use compromised Facebook accounts that appear to come from your friends and family, which makes this phishing attack very convincing,” says KnowBe4. “If you fall for their tricks, scammers can then use your Facebook account to post the same message to your friends and family.”

Security Tips

KnowBe4 suggests following these tips to avoid falling victim to a Facebook phishing attack:

  • When possible, use multi-factor authentication (MFA) as an added layer of security for your accounts. MFA prompts you to provide additional verification before logging in, making it more difficult for scammers to compromise your account.
  • A post from a friend may seem trustworthy, but their account could be compromised. Reach out to your friend over the phone or text to verify that their post was legitimate.
  • Remember, this type of phishing attack isn’t exclusive to Facebook. Scammers could use this type of attack on any social media platform.

Learn More

For more security tips to stay safe online, check out our additional resources:

  • Safety & Security resource center, which shares recommendations on how you can help protect yourself from fraud, scams and ID theft.
  • Learning Center, which shares common scams and how to avoid falling victim to one.


Information in this article is provided, in part, by KnowBe4. This article is intended for information purposes only. The information provided does not constitute professional or legal advice. To learn more about Security Awareness and Training, visit