If you have a Facebook account, you may have recently received a message or been tagged in a post from by someone with the subject line “Look who died.” The message includes a link to a fake news article about the death of someone you know. Don’t click on the link. 

This is not a legitimate news story – it’s actually a phishing scam that can steal your login information or install malware on your device.

When you get to that page, there’s no word about anyone you know being dead. Instead, you’ve just become a phishing victim. By this time, your login information is known to the attacker. Your computer is likely infected with malware and might be sending out the same message to the rest of your friends.

So, what should you do if you fell for the “Look who died” Facebook message?

  1. Firstly, make sure you’re not locked out of your account. If your password hasn’t been changed, there are things you can do to mitigate the damage. To start, immediately change the password yourself, so the hacker can no longer log into your account.
  2. After you’ve changed your password, report this problem to Facebook. This is important because the company is constantly tracking activities like this, and reports can help Facebook eliminate it and stop it from happening to someone else.
  3. Head to security settings and log out of any locations or devices you don’t recognize. You can do that by clicking on the menu and choosing “not you?”
  4. Do the same with apps. Any websites or apps that have permission to access your Facebook account should be reviewed. If there are any that you don’t recognize, remove them.
  5. When you go to general settings, make sure to check the email addresses linked to your account. If there are any unknown ones, remove them as well.
  6. If you don’t have two-factor authentication, turn it on. This is an essential security measure for any online account you have these days, not just the one on Facebook. With two-factor authentication, you will be notified of each login attempt and only be able to log in with the information that you’ve received through SMS or an email.
  7. Lastly, just in case, change your email password. Your email is the most important pillar in terms of your personal cybersecurity. Having multiple accounts compromised is far more likely if you lose access to your primary email address.
  8. Scan your device using anti-malware software. Even if you think your messenger isn’t hacked, signs like your friends telling you they received strange links from you shouldn’t be ignored.