A member of the public contacted us after following a link via Facebook Messenger to what they thought was a video. Have you been sent this scam?
A Facebook Messenger user received a message via the app that they thought was from a friend.
We’ve seen spoofed accounts requesting cash before, but this time they were sent a link to what looked like a video.
However, on clicking it, they were asked to log in to Facebook. When they did so, nothing happened, which raised concerns that they may have given away their login details to scammers.
They quickly changed their password, but by then the link had generated messages identical to the scam they’d clicked on, and sent them on to all of their Facebook friends.
This left the user so nervous that they didn’t want me to share their name with Facebook when I was investigating on their behalf.
Without looking at their Facebook account, I can’t say exactly what happened in this case, but I can hazard an educated guess that a scammer is harvesting passwords, hoping that you’re recycling them on other sites.
If you’ve received this scam and you’re reusing the password (or versions of it) elsewhere, immediately reset it on those sites to something strong and unique.
You can follow our guide on creating secure passwords. We recommend passphrases made of three random words, as these are hard to hack.
Unique passwords are hard to remember, so it’s best to store them using a password manager program.
For extra security, you can enable two-factor authentication on Facebook and many other accounts.
This means you need to follow a second step – such as entering a one-time verification code – to gain access.
Lastly, you should frequently check your bank statement and credit report and query anything you don’t recognise.
Have you been sent this scam via Facebook Messenger? Have you seen it anywhere else? Let me know in the comments.