Facebook users should be aware of fake links that appear to have been sent by a Facebook friend through Messenger that claim to link to a video, as these are leading to dangerous websites.
Many of the fake links appear to lead to YouTube, but actually lead to malicious websites designed to look like YouTube.
The fake links will typically use a short message designed to lure the recipient into clicking the link, such as claiming that the recipient is in a video. Examples can be seen below.
[name] it’s you?
I was surprised when I saw you [name]
The aim of the fake links is to either trick a Facebook user into handing over their Facebook login information (phishing) or tricking them into installing malware. Both of these scams have the potential to take over the account of the victim, leading to their Facebook account also posting out the same malicious links to Facebook friends of that account.
When you click the link, it is likely one of two things will happen depending on the variant of the scam.
If it is a phishing scam designed to steal login credentials, then the recipient will be forwarded to what appears to be the Facebook login screen. However the page isn’t Facebook, and any login information entered onto that screen will be sent to scammers.
Alternatively the recipient may be asked to download software after clicking the link. For example the webpage may claim you need to download a plugin or codec to view the video. However that download will be malware.
Sponsored Content. Continued below...
A phishing scam…
If the crooks are after your username and password, then the link sent through Messenger will lead to what appears to be a genuine login page, either for Facebook or YouTube. However it’s not a real login page, and any information entered into either the Username or Password text boxes is sent to a scammer.
An example of a phishing webpage designed to look like the Facebook login page can be seen below –
It is important to always check if you’re on the Facebook website when entering your login information by checking the web address at the top of the screen. You can also help protect yourself from phishing scams by enabling two-factor-authentication on Facebook, thus giving yourself an extra layer of protection. We have more details on how and why you should do that here.
Sponsored Content. Continued below...
A malware scam…
If the crooks are trying to trick you into installing malware, then the link will direct the victim to what appears to be the YouTube website, but (like above) this website is just a spoof website owned by the scammers. The site will claim you need to install an update or an extension to view a video – but this is actually malware.
Falling for any of these scams can potentially give crooks access to your Facebook account and the ability to send the same spammy links to your friends list through Messenger posing as you.
Never download files to your device unless you know they are safe, and never do it if you’ve just clicked a link on an email or chat message.
If you’ve fallen for this scam, we always recommend changing your Facebook password, and if you believe you downloaded any files to your device, run a full Internet security scam with good security software straight away. You can check out our recommendations here.