BOOK THIS SPACE FOR AD
ARTICLE ADSome scammers have the morals of an alley cat. But some sink even lower.
Over the last few months, Malwarebytes Labs has discovered scammers active on Facebook that prey on bereaved people by using stolen images and phony funeral live stream links to steal money and/or credit card details.
These scammers are becoming more active and new cybercriminals are picking up the method as well, which is something we see very often. When some scheme works, more lowlifes join in.
Currently, we are aware of two different approaches. One uses fake live stream links of the funeral. It asks people to follow a link where they can watch the funeral service and to share the link among their friends and family. The other asks for donations on behalf of the family of the deceased.
We followed the flow of one such scam, but you should be aware that there are several variations.
Usually, this type of scam starts with a comment on Facebook below the notification of a funeral home.
Comment made to look like an update“UPDATE POST:
If you can afford you can donate.
Please share family and friends
Watch [name] Loveing Memory & Funeral ServiceLive Stream Online
WATCH LIVE [link]”
The domain the comment links to is not unique. Malwarebytes Premium blocks at least 4 other domains involved in the same type of scam. And there were more which have been taken offline by the time you read this.
If you follow the link, you’ll end up on a landing page similar to this one.
All three buttons lead to the same phishing siteAll the buttons on this site pointed to a domain which we block for phishing.
Malwarebytes blocks pbg4jptrk.comAdding the domain to the exclusion list allowed me to follow through, and I ended up on a site that wants you to sign up for your “favorite movies” so that I could allegedly get full access. Remember, I came here following links to the live stream of a funeral—not because I wanted to watch my “favorite movies.”
Sign up site to watch your favorite moviesAfter feeding the scam site a bogus email address, I was allowed to move on.
Membership activation. Credit crad details needed.Here I am invited to activate my membership by providing my credit card details. Why do they need my credit card details for a free service?
This is the reason the site provides:
“WHY YOUR CREDIT CARD?
We have streaming licenses for our content for certain countries only. That’s why we need to verify your geographic location using a valid credit card. Your membership entitling you to all our content is only 2.00€, unless you decide to switch to premium mode at the end of the 3-day trial membership, or do not cancel your membership within the trial period.”
But the real reason can also be found if you look closely. Did you spot that tiny pre-checked line at the bottom of the left-hand pane?
I enlarged it, so you can read what the small print says.
The small print“I consent and accept the conditions of the membership and would like a secondary membership. 2X recurring payments every 14 days, current rate (64 €). Cancel anytime.”
In March of 2024, the BBC warned that these cybercriminals sometimes respond to a posted memorial message within minutes. Using a fake profile and including the photograph and personal details of the dead person in their post.
The cybercriminals are good at making these Facebook posts look real. They often copy and paste real photographs of the deceased person taken from a funeral director’s site or a genuine tribute site. But they are fake and could turn out very costly for those that fall for them.
Protect yourself and others
Several funeral homes have started adding a note that “this funeral is not being live streamed” to their online notices to reduce the chance of people falling victim to them.
The National Association of Funeral Directors says:
“You shouldn’t have to pay to view a funeral live stream and official links will be provided via the funeral director to the bereaved family.”
Be aware of strange friend requests. They may be from scammers looking for a way to comment on your post.
When you see a comment with these links, please report them to Facebook immediately. They will be removed as soon as possible so others may be spared of falling victim.
Never provide your credit card details unless you are 100% sure who you are dealing with. And even then, filling out this type of information online always comes with a risk.
Associated domains
Fake streaming sites:
Qtvlivestreamhd[.]com
Hqonlivestream[.]xyz
Visitpageaus[.]com
Auseventstream[.]com
Phishing sites:
pbg4jptrk[.]com
paperpadpen[.]com