Facebook is frequently targeted by scammers, and a new phishing scam is trying to lure Android and iOS users into revealing their login details.
Finnish cybersecurity company F-Secure first spotted the campaign around 2 weeks ago.
It seems the spammers have been able to gain access to accounts that had already been hacked and to those that don’t have two-factor authentication.
On accounts that have fallen victim to the scam, the hackers post links to phishing sites in the hope that other people will click on them when they appear in their News Feed.
The hackers also send links directly to friends of the compromised users through Facebook Messenger.
The link appears as a YouTube video, but the hackers have managed to trick Facebook’s URL preview system by manipulating metadata. The user is therefore not taken to the YouTube site but to another site that is intended to steal their credentials.
If you are using a mobile device, you will be directed to a fake login page where you are asked to enter your email address and password. The fake login page displays both the Facebook and YouTube logos.
The page claims to be a “Facebook Video Application”, and if you click on the link from a ‘friend’, your account is likely to be compromised.
Luckily, if you use two-factor authentication you should be protected from the attack, as a second, temporary passcode is sent to allow you to log in. If that login code is not obtained, the account can’t be accessed even if the hacker has your password.
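A defensive check for the preview mismatch described above, added here as an example and not taken from F-Secure or Facebook: it assumes the manipulated metadata is Open Graph `<meta>` tags and flags a page whose tags name a different host than the one serving it. The sample URL and HTML are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Open Graph properties whose value is a URL a link preview may rely on.
URL_PROPS = {"og:url", "og:video", "og:video:url", "og:video:secure_url"}

class OGParser(HTMLParser):
    """Collect <meta property="og:..." content="..."> tags (first value wins)."""
    def __init__(self):
        super().__init__()
        self.tags = {}

    def handle_starttag(self, tag, attrs):
        if tag == "meta":
            a = dict(attrs)
            prop = (a.get("property") or "").lower()
            if prop.startswith("og:") and a.get("content"):
                self.tags.setdefault(prop, a["content"].strip())

def host_of(url):
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return ""

def same_site(a, b):
    # Naive comparison: equal, or one is a subdomain of the other.
    # A production check would compare registrable domains (public suffix list).
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def preview_mismatches(page_url, html):
    """Return [(property, claimed_host)] for tags that name another site."""
    parser = OGParser()
    parser.feed(html)
    serving = host_of(page_url)
    return [(p, host_of(v)) for p, v in sorted(parser.tags.items())
            if p in URL_PROPS and host_of(v) and not same_site(serving, host_of(v))]

# Constructed sample: a page on a placeholder host that describes itself as YouTube.
SAMPLE_URL = "https://video-app.example/login"
SAMPLE_HTML = """<html><head>
<meta property="og:site_name" content="YouTube">
<meta property="og:url" content="https://www.youtube.com/watch?v=PLACEHOLDER">
<meta property="og:title" content="Video">
</head><body></body></html>"""

if __name__ == "__main__":
    for prop, host in preview_mismatches(SAMPLE_URL, SAMPLE_HTML):
        print(f"{SAMPLE_URL}: {prop} claims {host}")
```

A non-empty result means the page's own metadata points at a site other than the one that served it, which is worth a closer look before the link is trusted or shared.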
You can set two-factor authentication on Facebook from the ‘Security’ menu.
Check the box next to “Require a login code to access my account from unknown browsers” to begin the process.
Users will have to provide a phone number to receive the secondary code.