This video is yours? Facebook messages rigged with malware resurface in Singapore

This video is yours? Facebook messages rigged with malware resurface in Singapore

fb messenger scam
Screengrab of a suspicious link sent via Facebook Messenger. 

SINGAPORE: If you've received a Facebook message from a friend asking if you've seen a particular video, don't click on the link - it could be malware. 

Different versions of such viruses and scams have made its rounds over the years, but Facebook Messenger users in Singapore have reported a resurgence in a new round of hoax messages being sent, with many taking to social media over the past week to warn their friends. 

Websites including Hoax Slayer - which is dedicated to debunking email and social media hoaxes - have warned against the rigged video messages, saying that they are designed to steal Facebook account login details or trick victims into installing malware.

"If you get one of these messages from a Facebook friend, it most likely means that your friend’s account has been hijacked," according to Hoax Slayer. 

In one iteration of the scam, victims who click on the link are taken to a website that looks like a Facebook login page, asking for account details before the video can be played. There is no video however; scammers are using this method to collect your details in order to hijack your Facebook account and send the same message to your friends, said Hoax Slayer. 

In another version of the scam, the fake site asks victims to copy and paste a code into the address bar of their browser in order to watch the video. In reality, the code is a malicious JavaScript that allows hackers to control the victim's Facebook account, Hoax Slayer said. 

Cybersecurity firm Kaspersky also warned users of another variation of the scam, where victims are taken to a page that looks like a playable movie. 

When victims click on the fake playable movie, malware then redirects them to a set of websites which enumerates their browser, operating system and other vital information. 

The malware then uses tracking cookies to monitor the victims' online activity, displays certain ads for the victim, and could even social engineer them to click on links. 

"The people behind this are most likely making a lot of money in ads and getting access to a lot of Facebook accounts," a Kaspersky senior security researcher, David Jacoby, wrote in a blog post. 

In previous years, the scam messages were spread via YouTube links posted on Facebook. The posts would often use victims' first names, claiming they have been tagged in the "Youtube" video. Other versions of it include videos purportedly showing Justin Bieber being stabbed by a crazed fan. 

Facebook users can secure their accounts by enabling two-factor authentication, where they will be asked to enter a special security code or confirm login attempts each time someone tries accessing Facebook from a computer or mobile device that the social network does not recognise. 

To do so: 

  • Click the arrow pointing downwards in the top-right corner of Facebook, and then click Settings > Security and Login.

fb drop down arrow

  • Scroll down to use two-factor authentication and click on edit.
  • Choose the authentication method you want to add, and follow the instructions.
  • Click enable once you have selected and turned on an authentication method.
Source: CNA/dl