Be on the lookout for suspicious Facebook messages where one of your friends sends you an image of your profile picture attached to a link that appears to direct to YouTube. The link will also claim you have a high number of “views”.
Yes, this is a real scam. However, despite the good intentions of Facebook users who have fallen victim to it, a misleading warning message (below) has begun spreading:
WARNING!!!! ⚠ New scam: If one of your FB friends sends you a YouTube video with your picture as though it’s a video about you, DON’T OPEN IT. IT’S A VIRUS!!!….please copy & paste
In reality, this is not a virus. This warning is the typical result of non-technically inclined social media users vaguely assigning the blame to a “virus” despite it being a completely different type of scam. We often encounter this type of technophobe behaviour, usually because many people simply associate any type of Internet scam with a virus, or because a virus may be the only online security-related threat they have heard of.
So what is this scam? In the examples we have seen, it’s actually a phishing scam. As you may have suspected, these suspicious links (as seen below) don’t lead to YouTube. They lead to other websites outside of Facebook. These sites look like the Facebook login page, but they’re not. They’re spoof webpages designed to trick visitors into entering their Facebook username and password. That information is then stolen by criminals and the visitor’s Facebook account is compromised, after which it will inevitably begin posting the same links to all their friends.
If you’ve fallen for this scam by entering your username and password into a spoof login page, we recommend changing your Facebook password immediately.
This isn’t the first time we’ve warned our readers to be cautious of suspicious links sent through Facebook Messenger, even if they do come from friends.
We haven’t seen any examples of this scam leading to malware-laden websites, but it is certainly not out of the question if the criminals decide to adapt their scheme. In that case, the links could lead to websites that attempt to lure the visitor into agreeing to download malware, possibly by disguising the download as a “video update”, a tactic we discuss here.
Bottom line – don’t click on suspicious Facebook messages, even if they appear to be from friends. It’s a phishing scam.