Cybersecurity firm Sophos has issued a warning about a new Facebook scam. The researchers at the firm say that cybercriminals are sending a video link from a user’s account, which asks their friends to enter their Facebook username and password. The video link is called ‘Is it you in the video?’ If a user falls for the scam and enters their details on the linked page, they stand to lose access to their Facebook account.
When the username and password are entered on the fake login page, they are submitted to a server running on a low-cost web hosting service in the USA. This service is “using a vaguely legitimate-looking domain name that was registered less than a month ago,” as per a report by Sophos. This way scammers will be able to access your friend’s account. The firm says “there is no video, of course – the black image links to a URL shortening service, which in turn redirects to a URL that pops up what looks like a Facebook login page.”
Facebook was an early adopter of HTTPS-for-everything, so any page that claims to represent Facebook but doesn’t use HTTPS is fake. HTTPS stands for Hypertext Transfer Protocol Secure, and it uses the SSL/TLS protocol to encrypt data.
Users should use two-factor authentication (TFA) to protect their account. If you add TFA, a scammer won’t be able to log in to your Facebook account as they will be asked to enter a security code which only you can enter.
Users are advised to use an anti-virus with a built-in web filter. The cited source says that “attacks of this sort generally don’t rely on sending malware to your computer, but instead rely on tricking you into uploading secret data like passwords from your computer. A web filter helps stop you landing on fake pages in the first place and therefore shields you from phishing.” One can use Sophos Home, as it has a web filter and a free version is available for both Windows and Mac.
Users should set a strong password (using unique characters) for every account. You can also use a password manager on your device as it will help you automatically get a different password for every website.
Sophos says that one “will get passwords that are random and can’t be guessed; it’s faster to change your password if you do get hacked, and it’s much harder to get phished because your password manager won’t put the right password into the wrong site.”
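The host check behind “won’t put the right password into the wrong site”, combined with the HTTPS rule above, can be sketched as follows. This is an added example, not code from Sophos or from any particular password manager; the vault contents, the function names and the `.example` URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed vault for illustration: each login is stored under the exact
# host it was saved on. The account and password are made-up sample values.
VAULT = {"www.facebook.com": ("alice@example.com", "constructed-random-password")}


def normalized_host(url):
    """Return the lowercase host of an https:// URL, or None if unusable."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # excludes any "user@" prefix and the port
    except ValueError:
        return None
    if parts.scheme.lower() != "https" or not host:
        return None  # plain HTTP or no host: never offer a saved login
    return host.rstrip(".").lower()


def credentials_for(url, vault=VAULT):
    """Return the saved login only when the page host matches exactly."""
    host = normalized_host(url)
    return vault.get(host) if host else None


# Constructed sample URLs; the ".example" hosts are placeholders.
SAMPLES = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "https://www.facebook.com.video-check.example/login",
    "https://www.facebook.com@video-check.example/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict = "fill" if credentials_for(url) else "withhold"
        print(f"{verdict:8} {url}")
```

Only the first sample is filled: the second fails the HTTPS rule, and the last two merely contain the text `www.facebook.com` while their real host is something else.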
If you feel that your account has been hacked, try to get into your account as soon as you can (without clicking on any links that anyone just sent you). This is only possible if you still have access to it on some other device; if you do, you should change your password right away. If you have lost your account, you need to report it to Facebook immediately.