I’ve seen evidence of this scam occurring amongst my Facebook friends this Christmas. It’s a straightforward phishing scam, where one of your friends sends you a Facebook Message with an apparent link to a video of you. Sometimes they might ask “Is this you?” or tell you to go to a specific point in the video to see yourself. Of course what has actually happened is that your friend’s account has been hacked, and the scammers are using your friend’s contact list to spread their evil wares.
This is an example of a message that a friend of mine received from one of their Facebook friends. I’ve blurred the pics and redacted the name to protect the parties involved:
This is pretty compelling. It looks like there is a video of you on YouTube with nearly 384K views. You’ve got to go see what everybody is looking at … right?
If you click on this, it will either take you to a web page that asks you to sign in to Facebook with your ID and password, or it tries to install a Facebook app and requests various permissions to your Facebook profile.
If you proceed with either signing in or installing the app, then your Facebook profile now belongs to the bad guys. They will mercilessly spam and phish your Facebook friends.
If you have fallen for this, then the first thing to do is remove the app from your Facebook account (if it has access). Go to Facebook -> Settings -> Apps, locate the offending app and remove its access. You could also go into Facebook -> Settings -> Blocking and block the app there too.
The next thing you must do is change your Facebook password. You will find this under Facebook -> Settings -> General.
And finally, if you had used the same password for Facebook and for your e-mail, for the love of dogs, change your e-mail password right now, and change it to something completely different from your Facebook password. If the evil doers compromise your e-mail account, your online life will become a lot more troublesome for you than a few spammy Facebook messages.
Finally, finally – if you have not already done so, turn on Two Step Verification/Login Approvals/Two Factor Authentication, whatever they call it, on all of your online accounts that have this feature. What this means is that to access your account you need not only your user ID and password, but also a code generated by an app on your phone or a text message sent to your phone, which adds another layer of protection. If the bad guys get your ID and password, they won’t be able to compromise your account without access to your phone.
There’s more detail about this subject here.
Let’s be careful out there.