The latest scam involves the social networking site Facebook. In this scam, the bad guys steal your Facebook login details in order to take over your account and use it for criminal purposes.
The scam works by convincing Facebook users to click on a video link. To spark your interest, the video will typically feature “Is this you?” or “Did you make this video?” in the description, and it will almost certainly originate from one of your friends (who already fell for this scam and had their credentials stolen).
If you click the link, you’ll be taken to an imitation of the Facebook login page, where you’ll be asked to confirm your information before being able to watch the video. Only if you look at the URL at the top of the page will you realise it’s fake. If you don’t pay attention and enter your information here, the bad guys will have everything they need to take over your account.
If you receive one of these video links from a friend, the best course of action is to ignore it and alert your friend by phone or email, as it’s possible that their account has been hacked. It’s also likely that the video was sent from a cloned Facebook account that a scammer had already used to friend you.
If you entered your credentials on that fake login screen, you should change your Facebook password right away to prevent the scammers from gaining access. This is also a good moment to set up Facebook’s two-factor authentication so you don’t lose access to your account if you fall for another phishing scam in the future.
If the scammers have already taken control of your Facebook account, you’ll have to go through Facebook’s account recovery process.
What should you do to protect yourself?
1. Use 2FA on any account you can:
Once you turn on multi-factor authentication, cybercriminals will be unable to gain access to your account solely by phishing your password. For you, 2FA is a minor inconvenience, but for cybercriminals, it is a big obstacle.
2. If you sense your friend’s account has been hacked, contact them using a different method:
Don’t reply using the same account you don’t trust — if it’s a scam, you’re just giving the bad guys a heads-up, and they’ll lie to you and tell you everything is OK.
3. If a friend alerts you that your account has been hacked, act quickly:
If you can still access your account, get into it as soon as you can (without clicking on any links that someone just provided you!), and change your password right away so the thieves won’t be able to use it.
4. Use a password manager:
Password managers help in a variety of ways: you automatically get a different password for each site; you get passwords that are random and cannot be guessed; it’s easier to change your password if you are hacked; and it’s much harder to be phished because your password manager won’t put the correct password into the wrong site.
5. Use an Antivirus:
These types of attacks usually don’t involve introducing malware to your computer, but rather tricking you into uploading sensitive information like passwords. A web filter protects you from phishing by preventing you from landing on fake pages in the first place.
The basic rule of cyber security is to never click on a link or attachment that seems even slightly suspicious. It should always be treated with caution, even if it comes from a trusted friend.
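The address check described above, and the reason a password manager will not fill your password on a fake page, come down to comparing the page's origin with the one saved alongside the password. The sketch below is an added example, not code from Facebook or any password manager; the saved entry, the function names and every sample URL are constructed, and exact-origin matching is a simplification of what real products do.

```javascript
// Added example: decide whether a saved login may be filled into a page.
// SAVED_ENTRY and all sample URLs are constructed for illustration.
const SAVED_ENTRY = { site: "https://www.facebook.com" };

// Return the normalised origin (scheme + host + port), or null if the
// string is not a parseable URL. The URL parser lower-cases the host,
// converts international names to punycode and strips "user@" prefixes.
function originOf(rawUrl) {
  try {
    return new URL(rawUrl).origin;
  } catch {
    return null;
  }
}

// Fill only when the page is served over HTTPS from exactly the saved origin.
function shouldAutofill(pageUrl, entry = SAVED_ENTRY) {
  const page = originOf(pageUrl);
  const saved = originOf(entry.site);
  if (page === null || saved === null) return false;
  if (!page.startsWith("https://")) return false;
  return page === saved;
}

// Run a list of URLs through the check and report the decision for each.
function checkAll(urls) {
  return urls.map((url) => ({ url, autofill: shouldAutofill(url) }));
}

// Constructed samples: the real login page, then common lookalike shapes.
const SAMPLES = [
  "https://www.facebook.com/login.php",
  "https://WWW.FACEBOOK.COM/login.php",                      // case differs only
  "https://www.facebook.com.video-check.example/login.php",  // real name as a prefix
  "https://www.facebook.com@video-check.example/login.php",  // real name before "@"
  "https://www.f\u0430cebook.com/login.php",                 // Cyrillic letter in the name
  "http://www.facebook.com/login.php",                       // not HTTPS
];

for (const { url, autofill } of checkAll(SAMPLES)) {
  console.log(autofill ? "FILL  " : "REFUSE", url);
}
```

Only the first two samples are filled; each of the others looks like Facebook at a glance but resolves to a different origin.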