Some scammers exhibit a complete lack of ethics, and a recent trend shows that some have sunk even lower. In recent months, Malwarebytes Labs has uncovered scammers on Facebook targeting grieving individuals by using stolen images and fake funeral live stream links to steal money and credit card information. These scammers are becoming increasingly active, with new cybercriminals adopting similar tactics as successful schemes attract more malicious actors.
These scammers are becoming increasingly active, with new cybercriminals adopting similar tactics as successful schemes attract more malicious actors. Currently, two primary methods have been identified. One involves fake live stream links to the funeral, urging people to click and share the link with friends and family. The other method solicits donations purportedly on behalf of the deceased's family.
We traced one of these scams, but multiple variations exist.
Typically, these scams begin with a comment on Facebook under a funeral home’s announcement. The domain linked in the comment is not unique; Malwarebytes Premium blocks at least four other domains associated with similar scams, with more likely taken down by the time you read this. Following the link leads to a landing page that resembles this one.
All buttons on this site direct to a domain flagged for phishing. By bypassing the domain block, I was able to access a site that prompts users to sign up for “favorite movies” to gain access. Remember, I arrived here seeking a funeral live stream, not movie content.
After providing a fake email address, I was allowed to proceed. Next, I was prompted to activate my membership by entering my credit card details. Why would a free service require my credit card information?
The site claims:
“WHY YOUR CREDIT CARD?
We require a valid credit card to verify your geographic location due to streaming licenses for our content in specific countries. Your membership, which grants access to all our content, costs only 2.00€, unless you switch to premium mode at the end of a 3-day trial or fail to cancel during that period.”
However, the true motive is hidden in the fine print.
In March 2024, the BBC reported that these scammers often respond to memorial posts within minutes, using fake profiles and the deceased's photo and details in their posts.
These cybercriminals excel at crafting realistic Facebook posts, often copying genuine photographs of the deceased from funeral director sites or authentic tribute pages. However, these posts are fraudulent and can lead to significant financial losses for those who engage with them.
Protect Yourself and Others -
To combat this issue, several funeral homes have started adding disclaimers stating that “this funeral is not being live streamed” to their online notices.
The National Association of Funeral Directors emphasizes: “ You should never have to pay to view a funeral live stream, and official links will be provided by the funeral director to the bereaved family.” Be cautious of unfamiliar friend requests, as they may be from scammers looking to comment on your posts.
If you encounter comments containing these links, report them to Facebook immediately to help prevent others from becoming victims. Never share your credit card information unless you are completely certain of who you are dealing with. Even then, providing such information online carries inherent risks.
Associated Domains -
Fake Streaming Sites:
Qtvlivestreamhd[.]com
Hqonlivestream[.]xyz
Visitpageaus[.]com
Auseventstream[.]com
Phishing Sites:
pbg4jptrk[.]com
paperpadpen[.]com
Reference -
Related Posts
