No, it's not You in the Facebook Video... it's a Phishing Link

Scammers are using compromised Facebook accounts to circulate a phishing attack to the hacked accounts’ friends, according to Paul Ducklin at Naked Security. The links are sent via Facebook Messenger and appear to be a video, with a blacked-out image and a caption that says “Is it you in the video?” Ducklin notes that these messages are much more effective when they come from a trusted account.

“From someone you didn’t know, a question like that would fall somewhere between bizarre and creepy, but from a friend, who wouldn’t want to take a look?” Ducklin says. “There is no video, of course – the black image links to a URL shortening service, which in turn redirects to a URL that pops up what looks like a Facebook login page.”

If a user enters their Facebook credentials on this phishing page, their own account will be hacked and their friends will then receive similar messages. Interestingly, the criminals in this case attempt to trick their victims twice by redirecting them to third-party scams after stealing their credentials.
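The chain described above (message link, URL shortener, look-alike login page) can be checked mechanically once a mail gateway, proxy or sandbox has recorded the redirects. The following is an added example, not code from Naked Security or this blog; the shortener list, the allow-list of Facebook hosts, and the sample chain and HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains that legitimately serve a Facebook login form.
LEGIT_SUFFIXES = ("facebook.com", "messenger.com")
# Assumption: a small sample of URL-shortener hosts; extend for real use.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

class _PasswordFieldFinder(HTMLParser):
    """Records whether the page contains an <input type="password">."""
    def __init__(self):
        super().__init__()
        self.found = False

    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.found = True

def _host(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def _is_legit(host):
    # Match the domain itself or a true subdomain, never a bare substring,
    # so "facebook.com.login.example.net" does not pass.
    return any(host == s or host.endswith("." + s) for s in LEGIT_SUFFIXES)

def assess_chain(chain, final_html):
    """chain: URLs in the order visited; final_html: body of the last one."""
    finder = _PasswordFieldFinder()
    finder.feed(final_html)
    branded = "facebook" in final_html.lower()
    findings = []
    if any(_host(u) in SHORTENERS for u in chain[:-1]):
        findings.append("shortener-hop")
    if finder.found and branded and not _is_legit(_host(chain[-1])):
        findings.append("facebook-login-lookalike")
    return findings

# Constructed sample data; example.net is a reserved documentation domain.
SAMPLE_CHAIN = ["https://bit.ly/xxxxxxx",
                "https://facebook.com.login.example.net/video"]
SAMPLE_HTML = ('<title>Log in to Facebook</title>'
               '<form><input type="password" name="pass"></form>')

if __name__ == "__main__":
    print(assess_chain(SAMPLE_CHAIN, SAMPLE_HTML))
```

The host comparison is the part users get wrong by eye: the brand name appearing somewhere in the URL says nothing about who serves the page.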

“After entering your password, there’s a short delay, as you might expect when logging in to any online service, after which the crooks seem to pick from a range of other scams and redirect you to one of them randomly,” Ducklin says. “These didn’t look as though they were being run by the same criminals, so we’re assuming the message-spamming crooks were simply hoping to collect ‘affiliate fees’ from other criminals in the underground. These ‘second redirect’ scams varied from specious VPN offers to a range of those ‘free’ phone deals where all you need to do is pay a modest delivery fee (£1.95 in the variants we saw here), thus giving the crooks a believable excuse to collect your credit card details.”

New-school security awareness training can help your employees recognize scams and teach them not to let their curiosity get the better of them.

Naked Security has the full story
