A Facebook scam that has been circulating for years seems to be making a comeback. And if you fall for it, you’ll have your Facebook login info stolen by the scammers, who can then hack your account and use it for a variety of nefarious purposes.
The scam works by tricking Facebook users into clicking a link to a video. The video will often have some variation of “Is this you?” or “Did you make this video?” in the description to pique your interest, and will likely come from one of your friends (who already fell for this scam and had their credentials stolen).
If you click on the link, you’ll be taken to a fake Facebook login page with a message about confirming your information before you can access the video. It is pretty obvious the page is fake if you notice the URL at the top. But if you're not paying attention and you enter your info here, you’ve just given the scammers what they need to take over your account.
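The "notice the URL" advice above can be turned into a simple check. The following is an added example, not code from the article, and it assumes that only facebook.com and fb.com (and their subdomains) legitimately host a Facebook login page; it flags the tricks phishing pages rely on, such as putting the real brand name in front of an unrelated domain.

```python
from urllib.parse import urlsplit

# Domains assumed (for this example) to legitimately host Facebook login pages
TRUSTED_DOMAINS = ("facebook.com", "fb.com")


def check_login_url(url: str):
    """Classify the URL of a page asking for Facebook credentials.

    Returns (ok, reason): ok is True only for an HTTPS page whose host is a
    trusted domain or a subdomain of one.
    """
    parts = urlsplit(url.strip())
    # .hostname is lowercased and has userinfo and port already stripped
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme.lower() != "https":
        return False, "not served over https"
    if not host:
        return False, "no host in URL"
    if "@" in parts.netloc:
        # "https://www.facebook.com@evil.example/" really goes to evil.example
        return False, "userinfo before @ hides the real host %s" % host
    if host.startswith("xn--") or ".xn--" in host:
        # internationalized domain: may be a visual lookalike of the brand
        return False, "punycode host %s (possible lookalike)" % host
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return True, "host %s belongs to %s" % (host, domain)
    for domain in TRUSTED_DOMAINS:
        if domain in host:
            # classic prefix trick: facebook.com.something.example
            return False, "%s appears in host but the registrable domain is not it" % domain
    return False, "host %s is not a Facebook domain" % host


if __name__ == "__main__":
    # constructed sample links, in the shape the scam uses
    for link in (
        "https://www.facebook.com/login.php",
        "https://facebook.com.video-confirm.example/login",
        "https://www.facebook.com@evil.example/login",
        "http://www.facebook.com/login",
    ):
        print(link, "->", check_login_url(link))
```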
As a final insult, you won’t be taken to the video (which never existed in the first place), but dumped into a spammy affiliate ad network for NSFW games, sketchy app downloads and survey scams. I’ve seen a few valid apps, too, such as Norton Secure VPN on Google Play, but these companies have no part in the scam (after I notified Symantec, Norton’s parent company, about the app’s inclusion, a spokesperson told me “Upon learning of this issue, we worked with our mobile advertising partner to quickly identify and blacklist the bad actor responsible for this threat. We are also working to identify consumers who may have been impacted to help them with any residual effects.”)
The best course of action if you get one of these video links from a friend is to not click it and notify your friend by phone or email, if possible, that their account may have been compromised. It’s also possible the video was sent from a friend’s cloned Facebook account that a scammer used to friend you in the past.
If you made the mistake of entering your credentials on that fake login page, you should immediately change your Facebook password before the scammers have a chance to get in. This would also be an excellent time to consider setting up two-factor authentication for Facebook so you won’t lose access to your account if you fall for another phishing scam in the future.
And if the scammers have already taken control of your Facebook account, you’ll need to go through Facebook’s account recovery process to regain access.
Author's note 5/25/2021: A number of comments have come in indicating that their accounts were compromised even though they did not attempt to log in. I've researched this issue quite a bit and, despite nearly two years having passed since I first wrote this story, I still haven't seen any credible evidence that malware or other hacks are being exploited to steal user credentials through this scam. Everything I've read from security research sources indicates that this is a pure phishing scam. And given how much press this has received, I'm sure it is also something that Facebook has researched and would have patched if it were a security hole on their end.
So how come all the reports of exploits where people didn't log in? Here's what I think may be happening:
1) People did log in, but it's such a natural action for them that they don't even remember that they did.
2) Your account was already compromised, either through a previous phishing attempt or because you have weak password security that allowed an attacker to access your account through a data breach from another source.
3) These requests are coming from cloned accounts.
4) You didn't log in, but did click on a malware download (e.g., fake Flash update to view video) that compromised your system.
For more insight on what is happening, go to your Facebook Settings > Security and Login to see where and when you have been logged into your Facebook account.
If I uncover any new information about malware associated with this scam, I will update the article.