Cybercriminals are coming up with more sophisticated attacks all the time. The more elaborate the scheme, the better chance they have at finding new, unsuspecting victims.
That's why you need to stay informed of the latest scams so you know what to watch out for. There's an extremely sneaky one targeting Facebook users now that is putting your passwords at risk.
What this hack looks like
We're talking about a phishing attack that is spreading via Facebook Messenger. The cybercriminals behind the attack are using a redirection technique that leads to a spoofed Facebook login page. If you end up on the spoofed page, you could wind up handing your password over to the criminal.
You really need to be careful with this scam, it's spreading like wildfire. There have already been over 200,000 victims in only a few days.
Here's how the scam works.
Victims are receiving malicious messages through Facebook Messenger with links that appear to lead to a YouTube video. Hovering over the link won't even give away that it's going to a spoofed site.
That's because the hackers are using URL shorteners like utm.io and po.st. Those disguise the actual destination by including YouTube in the URL. It's easy for a user to think the link will lead them to YouTube, but it won't!
These malicious messages could even appear to be coming from someone on your "Friends" list. It just means that the hackers have already gotten into their account and are now able to send messages posing as the account holder.
This scam is targeting Facebook Messenger app users on both Apple and Android gadgets. Keep reading to find out what you need to do. Don't forget to share this article with family and friends so they know what to watch out for as well.
What to do if you fell for it
If you or anyone you know is a victim of this scam, the first thing you need to do is change your passwords. Make sure that you are using unique passwords on every site.
Many people use the same password for multiple websites. This is a terrible mistake. If your credentials are stolen on one site and you use the same username and/or password on others, it's easy for the cybercriminal to get into each account. Click here to find out how to create hack-proof passwords.
Take our phishing quiz to see if you can spot a fake email
Do not follow web links in unsolicited emails or messages, it could be a phishing attack. Cybercriminals always take advantage of popular websites and trending news stories to try and find new victims. That's why you need to be able to recognize a phishing scam.
One thing to watch for with phishing attacks are typos; criminals are typically careless with spelling and grammar. If you receive an email or notification from a reputable company, it should not contain typos. Take our phishing IQ test to see if you can spot a fake email.
Make sure you're using strong antivirus software on all of your gadgets. And keep them up-to-date for the best protection. This is the best way to keep your device from being infected with malware.
One security setting you need now
Two-factor authentication, also known as two-step verification, means that to log in to your account, you need two ways to prove you are who you say you are. This adds an extra layer of security and should be used whenever a site makes it available. Click here to learn how to set up two-factor authentication.