A new phishing scam highlights, once again, that you must be careful of the ‘friends’ you trust
A public service notice from the Better Business Bureau.
September 19, 2019 — Have you received a Facebook message with a video link asking, “Is this you?” If you have, don’t click the link. Delete the message and make sure your firewall and anti-virus software are up-to-date.
There’s a phishing scam making the rounds. If you’re a target, you receive a message from someone you know and trust, one of your friends or family members. The message says they were surprised to see you in a video and contains a web address that’s supposed to lead you to it. You’re not in the video. Don’t follow the link.
Phishing (pronounced fishing) is a fraudulent attempt to steal your information. Cybercriminals want your passwords, bank account numbers or other sensitive information, or they want to trick you into downloading malware onto your computer.
The cybercriminal might contact you through email, text message or social media. They act like someone actually fishing, casting out a baited hook again and again until a victim bites. Here’s how a typical phishing attack works:
- You receive a message that looks like it comes from a trustworthy source. It might look like it comes from a co-worker or a family member, or appear to be from your financial institution. You pay attention because you recognize the sender.
- The message urges you to type in a website address or click a link. When you do, you go to a clone of a legitimate website. In this Facebook phishing scam, you might think you’re on a Facebook login page when you’re actually on a page designed to capture what you enter.
- You type in the information it asks for, and that data is stolen. There are multiple versions of many phishing attempts, and some may also prompt you to download something that infects your computer.
- In many situations, your computer or social media account is used to send the phishing attempt back out to everyone on your contact list, this time using your name and image as “bait.”
Phishing attempts frequently imitate large banks, credit card companies, major online sellers, news agencies and common cell phone providers because the imitation works. People assume communication from a nationwide bank chain or credit card company must be secure and important, so they’re more willing to trust it.
Why Are the Scammers Using Facebook Messenger?
If regular fishermen just tossed in a hook, they wouldn’t catch much. The trick is to completely hide the hook by offering bait that’s irresistible to the type of fish they’re after. They don’t want the fish to nibble, or to think about whether or not they should bite. They’re hoping the bait looks so attractive their prey swallows it whole.
You typically hear only from people you care about through Messenger, so your guard is already down. When you see the notification that you’ve received a message, you experience a tiny dose of positive emotion, expectation and curiosity. You want to know what this person you care about has to say.
Before you even click on the message, that bait has your attention.
The message reads something like, “Hey (your name), what are you doing in this video lol! Search ur name and skip to 1:53 on video. Type in browser with no spaces -> (then they give you a web address).”
The way it’s written makes it sound like they’re surprised to see you doing whatever you’re doing in a video of that type. Your curiosity intensifies, and you may also feel alarm. You wonder what they’re talking about, and you want to protect your reputation. Your concern might cause you to act before you think through the consequences.
How to Protect Yourself
Follow these tips to protect yourself from this and other Facebook scams.
- Always think before you click
If your friend wouldn’t typically send you that type of message, it’s best to check with them before you follow the link or type in the web address. It may have come from their account, but they could be victims too.
- Know that videos shared on Facebook play when you click them
You shouldn’t have to type in additional login information, download something or navigate to an outside website.
- Use common sense
Scammers like to cause alarm to create urgency. You might get a message that indicates you’re in a compromising video, your password is being reset, your account is in danger of deactivation or some other situation that needs immediate attention. If it seems unlikely, watch out.
Also be wary of phishing threats from executive impersonators (also called CEO impersonators or whaling) in the workplace.
What If You’ve Already Been Scammed?
If you receive the message from a friend, let them know their account has possibly been compromised, and don’t try to access the video. If you ignore it, your account remains secure.
If you’ve already taken the bait, report the scammers to Facebook and let your friends and family know what happened to you. Then, change your login credentials. If you use the same username and password on other accounts, change those too. Also, use antivirus software to check whether your computer has been infected with malware.
If you spot an illegal scheme or fraud, help us warn others by reporting it on the BBB Scam Tracker today.
To learn how to protect yourself from a variety of scams, go to “10 Steps to Avoid Scams”.
BBB serving Central East Texas and BBB serving Central Virginia contributed to this report.