People who use the world’s most popular social network are being warned about a new scam designed to trick them into giving away their Facebook login details.
Researchers from cyber security firm ESET issued a warning about the scam which spreads news about a fake terror attack.
In one hoax, detailed by We Live Security, Facebook users in the Czech Republic began seeing posts on their news feed claiming there had been a terror attack in Prague.
The social engineering scam then begins when a hacked account is used to comment on the post and tag others, encouraging them to click on a link in order to notify friends and family they are safe and to receive more news updates about the fake terror attack.
However, after clicking on the link, rather than being directed to Facebook’s Safety Check feature, the victim is redirected to a phishing web page which asks them for the login credentials to their Facebook account.
“Scam campaigns, if designed to be emotionally appealing, fare surprisingly well because of our unfortunate behavior,” Lukáš Štefanko, a malware researcher at ESET, wrote in the post.
The scam in the Czech Republic was fairly quickly debunked and was even featured in the national news. However, that didn’t stop cyber criminals turning their attention to users in Slovakia to begin a similar terror attack hoax.
It is now feared that cyber criminals may use major incidents to carry out similar scams to users in other countries.
Facebook’s Safety Check allows people to use the social network in order to tell their friends they are safe.
On Friday, Facebook enabled its Safety Check feature after double bomb attacks hit the Thai resort of Hua Hin and it has previously used the feature during the terrorists attacks in Paris and Nice.
However, in order to mark themselves as ‘safe’ users do not need to click on an external link and are not asked to re-enter their login details.
For anyone who thinks they may have been compromised by the scam, ESET recommends changing the password to their Facebook account.
This latest terror attack hoax targeting Facebook users also highlights the importance of not using the same login details for multiple online accounts.
Meanwhile, Malwarebytes is warning of a similar scam aimed at getting Facebook users to disclose their account details.
This particular scam reports the death of Will Smith’s son Jaden and tries to trick users into clicking on a link, which claims to offer more news coverage and videos. Users are then prompted to enter their account details once more.