Facebook users should be on the lookout for suspicious chat messages apparently sent from friends on Facebook that implore them to watch a video by clicking a link.
Scammers are tricking Facebook users into clicking dangerous links by sending chat messages which claim that the user appears in a video and needs to click the attached link to see it.
However, these links either lead to a spoof “phishing” login webpage or try to lure the visitor into installing malware.
These dangerous messages are sent over Facebook’s private messaging service (Facebook Messenger) and appear to come from a friend. They appear that way because the friend’s own account has been compromised, which allows criminals to send chat messages to that account’s friends. An example can be seen below.
The links are accompanied by messages such as “You are in this video” or “This video belongs to you?” The wording can vary from scam to scam, but it is always designed to lure the recipient into clicking the link.
Depending on which variant of this scam you come across, a victim may be directed to either a malware download or a phishing page, as described below.
The phishing scam variant
Phishing scams are designed to trick victims into handing over their account login credentials. This is most commonly achieved by setting up spoof login pages that look just like the legitimate login page for the account being targeted. However, these spoof webpages steal any login credentials entered into them and send them to the scammer.
In this case, the links that appear through Facebook Messenger lead to spoof webpages hosted outside of the Facebook.com domain. These webpages ask the visitor for their Facebook username and password, which, when entered, are sent to the scammer, who will gain access to that account if the victim has not enabled two-step authentication (which we recommend they do).
See the below image for an example of a spoof webpage. You can see from the web address at the top that it does not belong to Facebook.com.
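The web-address check described above can be written down as code. The following is an added example, not part of the original article: it uses the same URL parser a browser applies to decide whether a link's host really belongs to facebook.com. The function name, the trusted-domain list and the sample links are constructed for illustration.

```javascript
// Assumption for illustration: the only domain treated as Facebook's own.
const TRUSTED_DOMAINS = ["facebook.com"];

// Classify a link by the host the browser would actually connect to.
function classifyLink(link) {
  let url;
  try {
    url = new URL(link); // WHATWG URL parser, the rules browsers follow
  } catch {
    return { verdict: "invalid", host: null, reasons: ["not a parseable URL"] };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { verdict: "not-web", host: null, reasons: ["not an http(s) link"] };
  }
  // hostname is lowercased and excludes any "user@" prefix and the port.
  const host = url.hostname.replace(/\.$/, "");
  // Trusted only if the host IS the domain or ends with ".<domain>".
  const trusted = TRUSTED_DOMAINS.some(
    (d) => host === d || host.endsWith("." + d)
  );
  const reasons = [];
  if (!trusted) {
    reasons.push("host is outside facebook.com");
    if (url.username) {
      reasons.push("text before '@' is a username, not the site");
    }
    if (host.includes("facebook")) {
      reasons.push("brand name appears inside a different domain");
    }
  }
  return { verdict: trusted ? "facebook" : "external", host, reasons };
}

// Constructed sample links (reserved .example names, not real scam URLs).
const samples = [
  "https://www.facebook.com/watch/?v=1",
  "https://facebook.com.video-login.example/watch",
  "https://www.facebook.com@video.example/login",
  "https://notfacebook.com/login",
];
for (const s of samples) {
  const r = classifyLink(s);
  console.log(r.verdict.padEnd(9), r.host, r.reasons.join("; "));
}
```

A "facebook" verdict only says where the page is hosted; it does not mean the message that carried the link is trustworthy.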
The malware variant
Alternatively, these links posted through Facebook Messenger may lead to webpages laden with malware. In this case, the visitor is likely to be told to download something to make the video play. This could be described as a “codec” or video update.
However, it is neither. It is malware that, when downloaded and opened, will infect the victim’s computer.
Both variants compromise the security of your Facebook account, and if you fall for either, your account will likely post the same malicious links to all of your Facebook friends’ accounts. If you do fall for such a scam, remember to change your Facebook password and run a full antivirus scan on your computer.
And remember, just because a link appears to be from a friend, it doesn’t mean they sent it to you. Suspicious links should not be clicked, regardless of whether or not you know the person who sent them.