If you’ve ever wondered why cybercriminals are interested in your yên passwords……well, it’s not just so they can sneak into your account & snoop through your personal data with a view to lớn abusing it themselves or selling it on to lớn someone else who will.Access lớn your tài khoản also gives crooks a cấp độ of trusted access khổng lồ your friends and family that makes scams of all sorts much easier to lớn pull off.Whether it’s pitching a bogus investment plan, luring someone to a fake login page, persuading them khổng lồ submit an application size for a non-existent job, or simply getting them khổng lồ waste their money on useless, overpriced, shoddily made tat……well, it’s much more likely that a scammer will be able to lớn talk you into clicking a liên kết using a message that actually came from a friend’s trương mục than if they just contacted you out of the blue.Indeed, many users deliberately limit their “circles of contact” on social media and instant messaging services not just for privacy reasons but also lớn cut down on the sort of unsolicited messages, spams and scams they endure via email.

Bạn đang xem: There's a new facebook scam


*

24/7 threat hunting, detection, và response delivered by an expert team as a fully-managed service.

A menace to lớn those around you

A scammer with your instant messaging or social truyền thông media passwords is not only a menace lớn you, but also to lớn those around you, as one of our readers discovered this evening when he received a chú ý from a friend via Facebook Messenger that said:

*

Is it you in the video

From someone you didn’t know, a question lượt thích that would fall somewhere between bizarre & creepy, but from a friend, who wouldn’t want to take a look?
There is no video, of course – the đen image link to a URL shortening service, which in turn redirects khổng lồ a URL that pops up what looks lượt thích a Facebook login page:

*
The URL (redacted above) clearly has nothing to vì chưng with Facebook – it’s a randomly-generated vps name on a boutique Hungarian website hosting platform – and, as you can see from the crossed-out padlock icon in the address bar, the site uses HTTP và not HTTPS.Facebook was an early adopter of HTTPS-for-everything, giving up on HTTP altogether back in 2012, so any page that claims khổng lồ represent Facebook but doesn’t have HTTPS is an unreconstructed fake.


Unfortunately, putting in your username và password into the nhái login page above would submit them to lớn a hệ thống running on a low-cost web hosting service in the USA, using a vaguely legitimate-looking domain name name that was registered less than a month ago.Our reader immediately assumed that his friend had himself recently recieved a similar (perhaps even an identical) message, và had not only clicked through but attempted to lớn login, handing his password to the crooks và thus ensuring that all his contacts would soon be spammed in turn.

After the giả login page

This scam goes even further – whether as a distraction khổng lồ buy a bit of time before victims realise they’ve been taken in & rush lớn change their Messenger passwords, or simply to lớn give the crooks a second bite at the cherry, we don’t know.After entering your password, there’s a short delay, as you might expect whan logging in to lớn any online service, after which the crooks seem lớn pick from a range of other scams and redirect you khổng lồ one of them randomly.These didn’t look as though they were being run by the same criminals, so we’re assuming the message-spamming crooks were simply hoping lớn collect “affiliate fees” from other criminals in the underground.These “second redirect” scams varied from specious VPN offers lớn a range of those “free” phone deals where all you need to bởi vì is pay a modest delivery fee (£1.95 in the variants we saw here), thus giving the crooks a believable excuse lớn collect your credit thẻ details.


What to do?

Use 2FA on any trương mục you can. Adding a second factor of authentication means that the crooks can’t phish your password alone & then access your account. 2FA is a minor inconvenience lớn you, but a major roadblock for cybercrimimals.If you think your friend’s tài khoản has been hacked, contact them via some other method. Don’t reply via the very same account that you don’t trust – if it is a scam, you are just tipping off the crooks, who will lie to lớn you and tell you everything is fine.If a friend lets you know your tài khoản was hacked, don’t delay. Get into your trương mục as soon as you can (without clicking on any link that anyone just sent you!), assuming you can still access it, & change your password right away so the old password is useless khổng lồ the criminals.Use a password manager. Password managers help in many ways: you automatically get a different password for every site; you get passwords that are random & can’t be guessed; it’s faster khổng lồ change your password if you vì chưng get hacked; và it’s much harder to lớn get phished because your password manager won’t put the right password into the wrong site.Use an anti-virus with a built-in web filter.

Xem thêm: Bị Bóp Tương Tác Tiktok - Cách Khắc Phục Tiktok Bị Flop

Attacks of this sort generally don’t rely on sending malware lớn your computer, but instead rely on tricking you into uploading secret data like passwords from your computer. A web filter helps stop you landing on fake pages in the first place và therefore shields you from phishing. (Sophos home has a website filter – there’s a free version for both Windows và Mac.)
*

Paul Ducklin is a passionate security proselytiser. (That"s lượt thích an evangelist, but more so!) He lives and breathes computer security, & would be happy for you to bởi so, too.

Just like a character in a horror movie investigating a strange noise in the basement, we can all be a little too curious for our own good. Unfortunately, it’s this exact curiosity that’s being exploited by bad guys on Facebook. But how exactly are they doing it—and even more importantly, why are they doing it?


If you’ve received a liên kết to a video on Facebook messenger saying, “this looks like you”, vì chưng NOT click on the video. It is a scam. Without understanding the risk, many people are unknowingly falling victim to lớn this attack simply because they figured they were watching a harmless đoạn clip sent khổng lồ them by a friend. Little did they know, one small click is all it would take to compromise their Facebook account, and potentially their device as well.

How it starts

If you haven’t seen this message already, it begins when you receive a message from a “friend” on the Facebook messenger app. All it is, is a text that says something along the lines of 

“This looks lượt thích you in this video”

“I think you appear in this video”

Or even,

“It looks like someone you know was in this oto crash”

Most of these messages will have a liên kết to click, but others have attachments such as the one below:


*

While this “friend” sending you the message could be someone you barely know & just have added on Facebook, it could also be someone you’ve known your whole life—all this means is that whoever sent you this message has had their account taken over by the scammers and that the bad guys are trying to bởi the same thing to you.

What happens if you do click on the video?

If your curiosity does get the best of you, clicking on the clip can result in a number of different things.

1. Fake Login Screen

One outcome we’ve seen will xuất hiện up a new page that looks just like any other Facebook login screen. It’ll ask that in order lớn allow access khổng lồ the video, you’ll need lớn verify your tài khoản information, which is exactly what the bad guys want you to lớn do. Inserting your login credentials here will hand them directly over to the criminals. From here the scammers are không lấy phí to vày whatever they want with your information.

2. Installation of malware

Another way the criminals can get khổng lồ you & your information via this “it looks like you video”, is by having you install malicious software disguised as a plugin or download required to lớn watch the video. While the goal of the criminals is still the same—taking over your tài khoản with the intention of spreading the video clip to others—the malware allows for more complex methods of doing so. According khổng lồ an IT firm ESET, the malware has the capabilities to add more friends, create giả pages on, share/create/edit your post, and even unfollow other users.

Not khổng lồ mention there is also the risk that ransomware could be installed using similar methods, which could completely lock you out of your device and encrypt your personal files.

Note: You are not guaranteed khổng lồ get infected with malware if you click on this message—this is just one of the possible outcomes, và is also dependent on the device and platform & you are using.

3. Spreading it lớn others

If you did click on the link, one of the first things you may notice is that you’ve also sent the message khổng lồ everyone in your contacts. The good news is, is that you still have access lớn your account. The bad news is, the bad guys most likely have your login information.

If you have clicked on the video…

If you no longer have access lớn your Facebook or messenger account, it can be a tedious process to get back in. The only thing you really can do is lớn get in cảm ứng with Facebook tư vấn and report the issue to lớn them. You can visit their help center here.

If you do, here are some steps you can take to try & minimize the potential damage that scammers could get away with.

1. Change your Facebook passwords immediately

If you remember putting your information into a login screen after clicking this message, it’s only a matter of time before the bad guys try khổng lồ take over your account and completely lock you out. Changing your credentials before they vì so can be your best defense against this kind of attack.

Regardless of if you still have access or not, you also need lớn change this password if you’ve used them anywhere else (other social media or online banking accounts). It’s highly recommended that you vì so because all these stolen credentials that scammers collect can be bought and sold khổng lồ other criminals on a massive scale.

2. Phối up two factor authentication

Both Messenger & Facebook have an extra security feature known as two factor authentication. This sends a 6-digit pass code to your phone number that’s required anytime you try to lớn log in. So unless the bad guys have this 6-digit code, there is no way for them to log in lớn your account.

You can activate this by going lớn settings, privacy, and looking for the option lớn enable two factor authentication.

3. If you bởi vì believe you’ve installed malware, limit the damage that it can do

Depending on the device you’re using, it can be easier/harder for malware lớn be installed. If you are using a computer, & you believe there’s a chance malicious software has been installed, the best thing to do in this scenario would be to lớn take your device to lớn an IT specialist. While there are a number of steps you can take khổng lồ try and detect/remove the malware yourself, if you wouldn’t consider yourself tech-savvy, it’s better khổng lồ leave this to lớn the professionals. 

4. Warn Others

One last thing, chia sẻ this with your family and friends. Create a simple post telling them not khổng lồ click on videos that say “this looks lượt thích you…”, or nội dung this blog post with them. Spreading awareness for these types of scams can help others completely avoid them in the first place.

If you have been infected & you’ve sent this message out to lớn all your contacts already, make sure to lớn let everyone that’s received the message know that you were hacked, and to NOT click on the message.