Facebook users beware!
If you use Facebook, you may have already seen this scam in your Messenger inbox recently: a friend sends you a message with your first name and a link to a YouTube video that appears to be a video all about… you. It even has your first and last name on it, and thousands of views!
Sorry to be the bearer of bad news, but you haven’t gone viral (that’s probably a good thing for most of us, actually). If you click on the video, you’re not going to be taken to YouTube video about your life. Instead, you’ll be taken to a spoofed Facebook login page where you’ll be asked to re-enter your login credentials in order to view the video. If you do, you’ve given your Facebook login information to cybercriminals who will hijack your account and use it to send spam to your friends. It’s also bad news if you use the same email and password for multiple online accounts: you can bet the hackers will use the information you’ve given them to try logging into other websites, including online banking.
What can I do if I’ve already clicked on the video?
Don’t panic! If you clicked on the video, your browser or antivirus may block the link automatically. However, if you did enter your credentials into the spoofed page, immediately change your password (to something unique) and clear your cache. Tell the person who sent you the video originally to do the same – preferably in a post on their wall, so others who’ve gotten the video will see it. Let your friends know in a Facebook post that you’ve been hacked and not to open any random links or videos from you.
Something else to consider: two-factor authentication. Two-factor authentication means that in addition to entering your password, you will also have to input a code in order to log into your Facebook on a new device. You can add a phone number so that any time you or anyone else tries to log into Facebook on a device that hasn’t been saved, you’ll receive a code via text on your cell phone. You will only be able to log in once you’ve entered this code. That’s one method, but there are more options for you to explore in your security options.
Go to your Facebook settings and click “Security.” Then click “Edit” next to Login Approvals. Here you’ll see the different options available to you to tighten up your Facebook security settings. Two-factor authentication is available for many online services including social media and banking, so you may want to enable this feature on multiple accounts.
You’ll also see an option for Login Alerts just above Login Approvals. If nothing else, you should have Login Alerts turned on. Login Alerts will send you a notification and an email letting you know that someone has tried to log into your account from an unrecognized device or browser. You’ll get these alerts when you log into new devices as well. If you get a login alert and it wasn’t you, you’ll have the option to kick the hacker out of your account. Again, change your password and delete your cache.
If you ever receive a message from a Facebook friend that seems out of character, be suspicious. Before clicking on a video or link that appears at random in your inbox, ask your friend about it. Many people who have been hacked aren’t aware until it’s brought to their attention. Be a good friend, be vigilant, and be careful.