Alert: Massive ‘How Are You’ Phishing Scam Targets 200 Million U.S. Residents
Beware: Hijacked Facebook Accounts Fuel Rising Impersonation Scams
A surging impersonation scam is exploiting hijacked Facebook accounts, targeting over 200 million users with fake messages from compromised profiles. Starting with innocuous greetings like “How are you doing today?”, cybercriminals impersonate friends or family to lure victims into fraudulent schemes, such as fake government grants, giveaways, or discounted goods.
Hackers use stolen Facebook profiles to send convincing messages, often including staged photos of cash or products.
How the Scam Works
Scammers use phishing links disguised as security alerts, prompting victims to “reset” passwords via fake login pages. Once accounts are hijacked, criminals message contacts with urgent offers. For instance, a common tactic promises a $150,000 “government grant” in exchange for a $2,500 “processing fee.” Pressure tactics and emotional language push targets to act quickly, while fake listings and photos (e.g., FedEx boxes filled with cash) add legitimacy.
Real-Life Victims
Jim, a retired tech worker, received a message from a compromised friend’s account about a grant from “Global Empowerment.” The scammer, posing as an agent, demanded $2,500 and sent a photo of a cash-filled box. Jim grew suspicious after noticing grammatical errors like “informations” and avoided the trap.
Lesa Lowery, however, fell victim after clicking a fake Facebook security email. She entered her passwords, losing account access. “I felt helpless,” she shared. Scammers then used her profile to target others.
Phishing emails or messages often mimic official alerts to steal login credentials.
Facebook’s Security Flaws
Past data breaches have exacerbated the issue. A 2023 breach at YX International, a Facebook SMS vendor, exposed 50 million accounts. Separately, 200,000 Facebook Marketplace records leaked online. Criminals exploit this data using tools like RaccoonO365, a phishing kit that bypasses two-factor authentication (2FA).
Protecting Yourself
Experts advise:
- Enable 2FA for all accounts.
- Avoid suspicious links—verify messages directly with the sender.
- Use strong, unique passwords and update them regularly.
- Monitor accounts for unusual activity.
- Never pay upfront fees for grants or prizes—legitimate programs don’t charge.
The FTC emphasizes: “No government agency will ask for payment or passwords.” Stay vigilant and report scams to platforms and authorities.