Hackers Are Sending Suspicious Links on Facebook Messenger to Scam Unsuspecting Users
Key Points:
- Facebook Messenger has become the most recent minefield for unwary computer users — with attackers trying to spread a new variety of malware for the past few months.
- The attackers designed malware that disguises itself as a non-embedded video file.
- The scam starts when a victim receives a message from a friend with a link that seems to be a YouTube video.
- Once the victim clicks on the video file, they’ll download malware from a remote server to their computer or phone, allowing similar messages to be sent from the victim’s account.
- Security researchers believe that once you download the malware to your computer, hackers will use it to collect your personal information to access your bank account.
There’s no question that social media is a breeding ground for scammers and hackers. With a gazillion people sharing personal information online, it’s easy for criminals to get the data they need to commit identity theft or other forms of fraud.
Recently, hackers have been getting into people’s inboxes via Facebook Messenger — baiting people into downloading malware that turns their accounts into a medium for scamming friends.
How The Link-on-Facebook Scam Happens
Scams via Facebook Messenger usually begin with a friend on your contact list sending you a suspicious message, something like, “Guess who died,” followed by a link. The link may appear to be a video file from YouTube.
Many people click the link out of curiosity, marking the beginning of their troubles. When victims click on the non-embedded video file, they download malware onto their computer, allowing their account to send similar messages to other friends. The victim’s friends are likely to click the link because it comes from someone they know, so the scam spreads quickly.
Security researchers say that the virus spreading the scam would likely collect personal information from the victims’ computers or phones, which the attackers would then use to access bank accounts.
Attackers Hijacking Facebook Pages to Send Malicious Links to Subscribers
In other instances, attackers send Facebook Messenger users malicious links that log them out of their Facebook account and then display a screen similar to the standard Facebook login page.
The screen will have all the Facebook login text fields for email and password. If you mistakenly fill in your credentials on that page, you’ll have given the hacker your logins. The page will then direct you to a YouTube-like link that’ll download malware into your device.
With your credentials, the attackers can hijack your Facebook Page and push the malicious links out to your subscribers, posing as you. The recipients are more susceptible because they’ll see the message coming from a friend.
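As an added example (not part of the original article), the Python code below judges a link by the host it actually leads to rather than by how it looks, which is the check that defeats both the YouTube-like link and the look-alike Facebook login page described above. The allowlist, the brand keywords and the sample links are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed allowlist: the sites the scam links pretend to be.
TRUSTED_DOMAINS = ("youtube.com", "youtu.be", "facebook.com", "messenger.com")
BRAND_WORDS = ("youtube", "facebook", "messenger")

def classify_link(url):
    """Return (verdict, reason); verdict is 'trusted', 'suspicious' or 'unknown'."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        has_userinfo = parts.username is not None
    except ValueError:
        return ("suspicious", "malformed URL")
    if parts.scheme not in ("http", "https") or not host:
        return ("suspicious", "not a web link")
    if has_userinfo:
        # Text before '@' is a username, not the site being visited.
        return ("suspicious", "userinfo hides real host " + host)
    if not host.isascii() or "xn--" in host:
        return ("suspicious", "internationalised host, possible homoglyph")
    try:
        ipaddress.ip_address(host)
        return ("suspicious", "raw IP address instead of a domain")
    except ValueError:
        pass  # not an IP literal, continue with domain checks
    for domain in TRUSTED_DOMAINS:
        # Match the domain itself or a true subdomain, never a mere prefix.
        if host == domain or host.endswith("." + domain):
            if parts.scheme != "https":
                return ("suspicious", "trusted domain over plain http")
            return ("trusted", domain)
    if any(word in host for word in BRAND_WORDS):
        return ("suspicious", "brand name inside unrelated host " + host)
    return ("unknown", host)

# Constructed sample links (reserved example domains, not real indicators).
SAMPLES = [
    "https://www.youtube.com/watch?v=abc123",
    "https://youtube.com.video-share.example/watch?v=abc123",
    "https://www.youtube.com@clips.example.net/v",
    "https://facebook-login.example.org/",
    "https://news.example.com/story",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(classify_link(link), link)
```

A "trusted" verdict only says the host is what it claims to be; a link on a genuine site sent from a hijacked account still deserves the out-of-band confirmation the article recommends.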
The Aim Behind the Malicious Links Scam On Facebook Messenger
Attackers are trying to use Facebook friends to spread malware. When they hijack your friend’s Facebook account, they’ll use it to send a malicious link. If you click the link, you’ll give the criminals control over your account, which they’ll use to bombard all your friends with the same link.
The idea behind these links is to implant Trojan malware in as many PCs or phones as possible and then start extracting data. Attackers are trying to collect personal information and use it to access bank and other financial accounts.
How to Protect Yourself and Business From Facebook Messenger Scams
If you’re a victim of the Facebook Messenger scam, your first move should be to change your password. Changing your password will lock hackers out of your account if they already have access. If you were using the same password on other accounts, such as PayPal, you need to change those passwords immediately because attackers try the credentials on nearly all accounts.
Avoid similar hacks that run on Facebook. Sometimes, the messages attackers send to victims on Messenger will be about a government program offering lots of money. The message will ask you if you’ve got yours. If you haven’t, the text will direct you to click a link to get yours.
The best way to avoid such scams is to be cautious about the links you click on Facebook. You shouldn’t click links from suspicious people, or even from people you know when you’re unsure. When you see a suspicious link from someone you know, you can reach them by other means and ask whether they sent you the link on Messenger.
When reaching out to confirm, avoid texting back on Facebook because if the attacker has control over your friend’s account, they’ll encourage you to go ahead and click the link. Instead, you can call your friend to confirm why they sent you the link.
Many people like texting, but a call is more effective in such an instance. There’s a higher likelihood that the link may be a scam.
Even the Latest Anti-Malware and Patches Can’t Prevent Every Attack
The best approach to security is to minimize the risk of an attack. You shouldn’t click links from a source you usually don’t get links from. Exercise caution when on social media. Be careful about clicking on links that suspicious people send through private messages.
Many scammers use Facebook Messenger to send malicious links, hoping unsuspecting users will click on them and unwittingly provide their personal information. When you receive a link from a friend or acquaintance, ensure you verify its legitimacy.
Avoid clicking Facebook Messenger links, even if the message comes from someone you know. You can respond and ask for more clarification about the link they’ve sent.
Alvarez Technology Group Can Answer Nearly All Questions about The Security of Your Technology
The Facebook Messenger link is a new hack, trying to launch a malware attack on your phone or computer. While you should avoid clicking any link sent to you via Facebook Messenger at all costs, there are other security measures you need to take to secure your business’ technology.
At Alvarez Technology Group, we can help you and your employees develop a cybersecurity culture to ensure your business data is safe. Contact us today to discuss how we can help improve your cybersecurity posture.