Good afternoon and welcome back to another post from ToBeSecured. I know what you all are thinking - wow, two posts in one week, she must be in a great mood. After attending an interactive and educational training last week, I must say I am drained mentally and physically, but the work must go on. The article I wrote on Monday was information that was sent to me over this past weekend, and I decided to release it earlier in the week in hopes of having an article to write about today as well. Fortunately, it all worked out and I was able to drop two posts in one week without running around in distress. So, if you haven't already, go and read my post from Monday and leave a comment if you decide to.
For today's topic on ToBeSecured, we will be discussing phishing and how malicious people are leveraging Facebook to carry it out.
I think it was early June or after when I first received a message in my inbox, with a link to another site, notifying me that I am in the video. I already knew it was click bait given I have a background in cyber security, but I decided to click on it anyway. The link sent me to a new window where I was prompted to log in to my Facebook account. Whenever clicking on videos or pictures on social media, usually you're able to view them on that platform. My common sense was telling me someone is on a hunt to hack into my account and without a doubt, my family and friends' accounts, too. Another thing that triggered my cyber senses was the person it came from. I don't ever receive messages from this person on social media, especially Facebook. There was nothing different from that day since it was definitely at the most random time of day. Anyways, I decided to delete the message and notify the person the account belongs to that their page was possibly being hacked or duplicated for phishing purposes.
Today, my sister sent me a news article about this same phishing scam, and at the least, I am not surprised to find out it has been this long before anyone picked up on it. This includes myself because it never crossed my mind to write about the incident. The Better Business Bureau (BBB) says it’s best that consumers do not click messages on social media sites, emails, or text messages that state “Is this you?” The BBB says these messages are likely to come from someone the user knows and has a good relationship with, including friends and family members. However, the person behind them is most likely a cyber-criminal hoping to get personal information from the user.
This is how they get you: We (social media users) receive messages that look like, or are disguised as, messages coming from someone we feel is trustworthy, usually a friend, coworker, or family member. Some may even appear to come from a trustworthy financial institution, and users treat them as legitimate because they recognize the "sender". The message prompts the user to type in a website address or, in my case, click a link. When you follow this action, you are brought to what looks like a legitimate website but is in reality a clone. In this Facebook phishing scam, the page is designed to look like a Facebook login page, but the duplicate seizes the information the user enters. The data you provide will be stolen and likely stored, or you may be asked to download malicious content that serves as a virus, ready to infect your computer or the device you're using. Once you have fallen for this scheme, your social media account will be used as a gateway to attack others you follow, or those within your contact list, using your name and image as a decoy.
Phishing attempts frequently imitate large banks, credit card companies, major online sellers, news agencies and common cell phone providers because it works, the BBB says. People assume communication from a nationwide bank chain or credit card company must be secure and important, so they’re more willing to trust.
Why Are the Scammers Using Facebook Messenger?
People tend to communicate with their loved ones often through social media or, specifically in this case, Messenger, and over time they become less private. Seeing the notification appear on their screen that they’ve received a message, they experience curiosity and expectations. They want to know what this friend or loved one has to say or share.
Some messages include content such as: “Hey (your name), what are you doing in this video lol! Search ur name and skip to 1:53 on video. Type in browser with no spaces -> (then they give you a website address).”
To be secured from this phishing incident, follow these helpful tips and share with others as well.
Use common sense. If you receive a message that asks you to reset a password, says you're in a compromising video, or even, as in an earlier post of mine, claims the platform is changing its policies, ignore it. It's total spam.
If you receive a message whose preview looks suspicious, do not click on it. If you receive one, contact that person externally and question them about the content of the message before clicking on it. Just because it comes from their account doesn't mean they sent it.
In my case, if you receive a message from someone you usually wouldn't be communicating with over social media, do not think twice about it. Don't open it. Delete it and notify them it's a possibility their page is being hacked. I have notified many people.
Facebook or Instagram videos usually play when you click them versus sending you to a new window. Clicking on a video will not prompt you to log in again or ask for critical information.
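The checks behind these tips, written out as an added example (not code from the original post): it flags the lure wording quoted above and any link whose real host is not a Facebook property. The trusted-domain list, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains this example treats as genuine Facebook properties.
TRUSTED_DOMAINS = ("facebook.com", "fb.com", "messenger.com", "instagram.com")

# Phrases drawn from the lure wording quoted in the post.
LURE_PHRASES = ("is this you", "what are you doing in this video",
                "search ur name", "type in browser")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def link_host(url):
    """Return the host the browser would actually contact for this URL."""
    # urlsplit discards any "user@" prefix, so "facebook.com@other.example"
    # resolves to other.example, which is where the browser connects.
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def is_trusted_host(url):
    host = link_host(url)
    # Match the domain itself or a true subdomain, never a mere substring.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def assess_message(text):
    """Return the reasons a message resembles this phishing lure."""
    reasons = []
    lowered = text.lower()
    for phrase in LURE_PHRASES:
        if phrase in lowered:
            reasons.append(f"lure phrase: {phrase}")
    for url in URL_RE.findall(text):
        if not is_trusted_host(url):
            reasons.append(f"link leaves the platform: {link_host(url)}")
    return reasons

# Constructed sample messages (not real traffic); .example hosts are reserved.
SAMPLES = [
    "Hey Sam, what are you doing in this video lol! "
    "https://facebook.com.video-check.example/login",
    "Is this you? https://facebook.com@video-check.example/watch",
    "Lunch at noon? https://www.facebook.com/events/123",
]
```

The first two samples show why reading the start of a link is not enough: both begin with "facebook.com" yet resolve to a different host.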
If you would like to discuss further, please leave a comment or ask a question. I'd love to chat with my readers and hear your thoughts. Thank you for dropping in and remember ToBeSecured!