This particular phishing scam is currently in circulation on Facebook.
An account will post a clickbait news story, relevant to your local area, designed to cause panic – a child abducted, for example.
(I’ve obfuscated the name / photo of this, as it’s likely the account was a compromised account – probably from a similar sort of scam
When you click on the post, it takes you to a website that resembles a news website:
The content is poorly written (it’ll be “spun” automatically by a content-generating bot )
Towards the bottom, there’s a fake video. When you try and play this, it will inform you that you need to verify yourself, as the video is 18+
When you try and do this, you’ll be redirected to a fake Facebook login page.
What are the dangers?
If you enter your username & password in there, it will redirect you to Facebook – making you think you’ve logged in successfully.
However, what has actually happened is that your username and password have been sent to the hacker who can now access your account.
How to protect yourself
-
Don’t ever login on any website that isn’t Facebook.comInspect the URL manually in the address bar.
-
More importantly, you should use 2-factor authentication.In a nutshell, it requires you to use a secondary means of authentication, as well as your email address & password, to login.When trying to login, Facebook will then send you an SMS, or require you to use an authentication app to complete the login.This means that even if a hacker has your email address & password (because you accidentally filled it on out a phishing site, for example) they can’t login, as they don’t have this second authentication mechanism.Facebook have a good help article on this: