Facebook users will want to keep their eyes peeled for a new phishing scam that's targeting their messages, the Better Business Bureau says in a new warning.
Here's how the scam works, according to the BBB: Users receive a Facebook message with a video link asking, "Is this you?" The message will come from someone you are friends with on Facebook, trying to entice you to click the link. The message may also say something like, “Hey (your name), what are you doing in this video lol! Search ur name and skip to 1:53 on video. Type in browser with no spaces -> (then they give you a web address).”
According to the BBB, this is a phishing scam that is trying to steal your information.
"Cybercriminals want your passwords, bank account numbers or other sensitive information, or they want to trick you into downloading malware onto your computer," the BBB says in a news release.
The new Facebook scam mirrors a typical phishing attack.
Most phishing scams start with a message that appears to come from a trustworthy source, such as a friend, family member or a financial institution, like a bank or credit card company. Because most people are inclined to pay attention to those types of messages, they catch the recipient's attention. Then, the message urges people to type in a website address or click a link, and when they do, they get redirected to a clone of a legitimate website. In some phishing attempts, you may also be prompted to download something that infects your computer.
In the Facebook phishing scam, you might think you’re on a Facebook login page when you’re actually on a page designed to capture what you enter. When that information is entered, the data is stolen.
In many phishing attacks, your computer or social media account is used to send the scam back out to everyone on your contact list, this time using your name and image as "bait," the BBB says.
"The cybercriminal might contact you through email, text message or social media," the organization says. "They act like someone actually fishing, casting out a baited hook again and again until a victim bites."
The BBB offers the following tips on how to protect yourself from these types of scams:
- Always think before you click. If your friend wouldn’t typically send you that type of message, it’s best to check with them before you follow the link or type in the web address. It may have come from their account, but they could be victims too.
- Know that videos shared on Facebook play when you click them. You shouldn’t have to type in additional login information, download something or navigate to an outside website.
- Use common sense. Scammers like to cause alarm to create urgency. You might get a message that indicates you’re in a compromising video, your password is being reset, your account is in danger of deactivation or some other situation that needs immediate attention. If it seems unlikely, watch out.
So what should you do if you receive a message that looks like it might be the Facebook phishing scam? First, do not click the link. Second, let the person who sent you the message know their account has possibly been compromised. Additionally, you can delete the message. But as long as you don't click the link, you should be OK.
If you suspect you've already fallen victim to the phishing attack, report the scammers to Facebook. Also be sure to change your login credentials.
The BBB also recommends making sure the firewall and anti-virus software on your computer are up to date.