/ Money

Scam watch: passwords harvested by fraudster

A member of the public contacted us after following a link via Facebook Messenger to what they thought was a video. Have you been sent this scam?

A Facebook Messenger user received a message via the app that they thought was from a friend.

We’ve seen spoofed accounts requesting cash before, but this time they were sent a link to what looked like a video.

However, on clicking it, they were asked to log in to Facebook. When they did so, nothing happened, which raised concerns that they may have given away their login details to scammers.

They quickly changed their password, but by then the link had generated identical messages to the scam they’d clicked on, and sent it on to all of their Facebook friends.

Harvesting passwords

This left the user so nervous that they didn’t want me to share their name with Facebook when I was investigating on their behalf.

Without looking at their Facebook account, I can’t say exactly what happened in this case, but I can hazard an educated guess that a scammer is harvesting passwords, hoping that you’re recycling them on other sites.

If you’ve received this scam and you’re reusing the password (or versions of it) elsewhere, immediately reset it on those sites to something strong and unique.

You can follow our guide on creating secure passwords here. We recommend passphrases made of three random words, as these are hard to hack.

Strong security

Unique passwords are hard to remember, so it’s best to store them using a password manager program.

Safety tips from the National Cyber Security Centre

For extra security, you can enable two-factor authentication on Facebook and many other accounts.

This means you need to follow a second step – such as entering a one-time verification code – to gain access.

Lastly, you should frequently check your bank statement and credit report and query anything you don’t recognise.

Have you been sent this scam via Facebook Messenger? Have you seen it anywhere else? Let me know in the comments.

l morrison says:
5 July 2020

Hi i was scammed by the Amazon prime phonecall. Luckily managed to stop my bank accouns on time. Do these people ever get caught the trauma caused is awful