Ignore 'Is it you in the video?' Messages Sent via Facebook's Messenger
Turning over a new leaf on the calendar and finally leaving a tumultuous 2020 behind us does not mean that we are safe in the digital world or that cyber criminals will magically disappear. On the contrary, we should be ready for the new and more cunning attacks and approaches bad actors will come up with.
One such new attack, which has been making the rounds since late December, uses Facebook's Messenger to steal credentials and compromise accounts. Not all compromised accounts are immediately abused in an obvious way. Often, criminals use an account they control in subtler ways. This new scam is an example of this.
A Facebook user would receive a seemingly innocent message from a known Facebook contact over Messenger. The message would read "Is it you in the video" and contain what looks like an embedded video but is really a hotlinked black image with a video frame and a painted-over 'play' button.
Naturally, if you received a similar message from a puppet account run by the bad actors, one that is not on your friends list, you would either be highly suspicious or disregard the stray message outright and close it. However, receiving the same message from a known, trusted friend whose account has already been compromised lends it a lot more believability, and users are much more likely to fall for the scam.
If a victim falls for the scam and clicks on the hyperlinked image, they are taken to a fake Facebook login portal asking for their login credentials to "verify your account information", as the fake login portal states. In reality, the user is taken through a URL shortener and dropped on a randomly generated domain. A quick glance at the page's URL would reveal that the fake login form has nothing to do with Facebook.
Feeding your credentials into the fake login form not only hands them over to the crooks behind the scam; the page also simulates a short login delay and then directs the victim to another randomly chosen scam. Security researchers with Sophos believe that the bad actors operating the phishing form are not directly related to the group operating those randomly chosen scams.
No matter how many layers of security you use on your personal computer, your common sense remains your best defense in similar situations. The scam in this instance can be easily dodged even if you do click the fake video in your friend's message by simply double-checking the URL in the address bar.
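The address-bar check described above can be written down precisely. The following is an added example, not code from Sophos or Facebook: it parses a URL and accepts it only if the host is a trusted domain or one of its subdomains. The trusted-domain list, the function name and the sample URLs are assumptions made for illustration.

```javascript
// Added example: does this login page's URL really belong to Facebook?
// TRUSTED_DOMAINS is an assumed list for this sketch, not taken from the article.
const TRUSTED_DOMAINS = ["facebook.com", "messenger.com"];

function classifyLoginUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { trusted: false, reason: "not a parseable URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not served over HTTPS" };
  }
  // url.hostname is already lowercased and excludes any "user@" prefix and port,
  // so text placed before an "@" cannot pass itself off as the host.
  const host = url.hostname.replace(/\.$/, "");
  // Exact match or a true subdomain only. A plain substring or startsWith test
  // would accept hosts that merely contain the trusted name as a label.
  const match = TRUSTED_DOMAINS.find((d) => host === d || host.endsWith("." + d));
  if (!match) {
    return { trusted: false, reason: `host "${host}" is not a trusted domain` };
  }
  return { trusted: true, reason: `host "${host}" belongs to ${match}` };
}

// Constructed sample URLs; ".example" hosts are reserved placeholders.
const SAMPLES = [
  "https://www.facebook.com/login/",
  "https://short.example/aB3xZ",                  // link shortener hop
  "https://xk2qv9rt.example/login.php",           // random-looking landing domain
  "https://facebook.com.xk2qv9rt.example/login",  // trusted name used as a subdomain label
  "https://www.facebook.com@xk2qv9rt.example/",   // trusted name in the userinfo part
  "http://www.facebook.com/login",                // right host, no TLS
];

for (const sample of SAMPLES) {
  const verdict = classifyLoginUrl(sample);
  console.log(`${verdict.trusted ? "OK    " : "REJECT"} ${sample} (${verdict.reason})`);
}
```

Only the first sample is accepted; every other one is rejected because the host the browser actually connects to is not a trusted domain, or the page is not served over HTTPS.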
One thing you can do to help stop those scams from propagating any further is to immediately inform a friend who sends you similar fake messages that their account has been compromised.