Facebook users should be aware of the latest spate of dangerous links circulating on Facebook Messenger. The messages come from a friend’s account and include a link to what appears to be a video on YouTube.
The link appears to lead to YouTube, but actually directs to a spoof webpage owned by scammers.
The message sent through Facebook Messenger will attempt to lure recipients into clicking the link using various social engineering tricks. An example is below –
I was surprised when I saw you
We warned of a similar scam earlier this year.
What happens when you click the link?
These scams will try to do one of three things –
Scenario 1. Lead you to a spoof login page that steals your username and password when you enter them.
Scenario 2. Trick you into installing malware or a malicious browser extension posing as some kind of video player update.
Scenario 3. Lead you to a webpage that asks you to install a spammy Facebook app.
Read below for more information on each.
Scenario 1. If the crooks are after your username and password, then the link sent through Messenger will lead to what appears to be a genuine login page, either for Facebook or YouTube. However, it’s not a real login page, and any information entered into either the Username or Password text boxes is sent to a scammer.
An example of a phishing webpage designed to look like the Facebook login page can be seen below –
Scenario 2. If the crooks are trying to trick you into installing malware, then the link will direct the victim to what appears to be the YouTube website, but (like above) this website is just a spoof website owned by the scammers. The site will claim you need to install an update or an extension to view a video – but this is actually malware.
Scenario 3. If you gave a Facebook app permission to install on your account after clicking the link, then you may have given that app permission to do certain things from your Facebook account, such as spamming the same link to your friends through Messenger. The app cannot install unless the visitor grants it permission.
Falling for any of these scams can potentially give crooks access to your Facebook account and the ability to send the same spammy links to your friends list through Messenger posing as you.
What should I do if I fell for the scam?
Scenario 1. If you entered your Facebook password after clicking the link, you need to change it as soon as possible by going into your Facebook settings and selecting Security and Login. If you entered your login credentials for any other online account (e.g. YouTube) then the same applies – change that password.
Scenario 2. If you think that after clicking the link you gave permission for something to install on your device, then you need to run a full antivirus scan straight away with your up-to-date antivirus scanner.
Scenario 3. If you believe you gave permission for a Facebook app to install on your account, go to your main Settings, click Apps and remove any apps that you don’t recognise or trust.
If you just clicked the link and A. didn’t install anything and B. didn’t enter your username and password, then you should not be affected by this. Users who didn’t click the link will not be affected.