There's a new phishing scam targeting Facebook users, and it's scarier than others because it's disguised as a message from a friend. When it first began making the rounds, someone fell victim to this sneaky scam every 20 seconds, according to security experts. This rapid spread is why we're so concerned and want to make sure that you know what to look for.
New phishing scams pop up all the time. That's why it's so difficult to tell which messages are real and which ones are fake. Luckily, in most cases, scammers unintentionally leave little clues that are major red flags and should tip you off. This particular scam has its own set of signs.
First, some background:
Starting in late June, thousands of Facebook users received a message from a friend letting them know they were mentioned in a post. In reality, this message was sent by scammers and was the start of a two-stage attack.
A Trojan would be downloaded onto the user's device in the first stage. This particular Trojan installed a malicious Google Chrome browser extension onto the victim's computer.
The browser extension made the second stage of the attack possible. Once the victim logged back into Facebook through the compromised browser, the scammer could take over the account. Hackers could then steal data, make changes to privacy settings and continue spreading the scam by sending messages to the victim's Facebook friends.
Around 10,000 Facebook accounts were affected by this round of phishing. Most of the victims were in South America. Some users in Europe, Israel and Tunisia were also hit.
If you accessed your Facebook account and encountered this message while using an Android device or an iPhone or iPad, you shouldn't be impacted. These devices shouldn't run the extension that is used in this scam.
PCs, Macs and Windows devices, however, can be targeted. Basically, anything that can run Google Chrome extensions is at risk.
Facebook says the scam has been mitigated and the techniques used to spread the malware are being blocked. However, unopened messages could still be out there.
If you see one of these messages, do not click the included link, and delete the message immediately. If you think your computer has been infected, log out of Facebook and close your browser. Next, disconnect the network cable from your computer. Once that is done, you need to run a full antivirus scan.
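Because the second stage relied on an extension installed in Chrome, it is also worth reviewing which installed extensions are allowed to run on Facebook pages. The Python sketch below is an added example, not part of the original article: it reads each extension's `manifest.json` and lists those whose declared host patterns cover www.facebook.com. The function names are this example's own, and the extension IDs and manifests in `demo()` are constructed.

```python
import json
import tempfile
from pathlib import Path

def pattern_covers(pattern, host="www.facebook.com"):
    """True if a Chrome match pattern (scheme://host/path) applies to `host`."""
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "http", "https"):
        return pattern == "<all_urls>"  # API names ("tabs") and other schemes: no
    host_part = rest.split("/", 1)[0]
    if host_part.startswith("*."):  # *.example.com covers the domain and subdomains
        return host == host_part[2:] or host.endswith(host_part[1:])
    return host_part in ("*", host)

def host_patterns(manifest):
    """Collect declared host patterns from Manifest V2 and V3 layouts."""
    pats = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    pats += [m for s in manifest.get("content_scripts", []) for m in s.get("matches", [])]
    return [p for p in pats if isinstance(p, str)]

def audit(extensions_dir, host="www.facebook.com"):
    """Return (extension_id, name, patterns) for extensions that can reach `host`."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable manifest: inspect that folder by hand
        hits = sorted({p for p in host_patterns(manifest) if pattern_covers(p, host)})
        if hits:
            findings.append((path.parent.parent.name, manifest.get("name", "?"), hits))
    return findings

def demo():
    samples = {  # constructed IDs and manifests, not real extensions
        "sampleidone": {"name": "Notes", "permissions": ["storage"]},
        "sampleidtwo": {"name": "Helper", "permissions": ["tabs", "*://*.facebook.com/*"]},
        "sampleidxyz": {"name": "Toolbar", "host_permissions": ["<all_urls>"]},
    }
    with tempfile.TemporaryDirectory() as root:
        for ext_id, manifest in samples.items():
            folder = Path(root, ext_id, "1.0_0")
            folder.mkdir(parents=True)
            (folder / "manifest.json").write_text(json.dumps(manifest))
        return audit(root)

if __name__ == "__main__":
    print(demo())
```

Point `audit()` at a real profile's `Extensions` folder, for example `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions` on Windows or `~/Library/Application Support/Google/Chrome/Default/Extensions` on macOS. A hit narrows down which extensions to review or remove rather than proving compromise, since many legitimate extensions request broad host access.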
How To Report A Suspected Scam
If you believe you've been targeted by a scammer, you should also report it to the Federal Trade Commission (FTC). To do this, use the FTC's complaint assistant and choose the appropriate category. In this case, the category would be "Internet Services, Online Shopping, or Computers."