A Facebook Scam That Steals Your Facebook Credentials Is Making The Rounds At The Moment

It may be a long weekend in Canada, but there’s a Facebook scam that seems to be making the rounds at the moment. And this one is kind of nasty based on interacting with a client of mine who was affected by this scam. Here’s how it works.

It starts by you receiving a message in Facebook Messenger from one of your Facebook friends with a link to what looks like to be a YouTube Video. But it isn’t a YouTube video. Instead it is a link that tricks Facebook users into clicking a link to a video. The video will often have some variation of “Is this you?” or “Did you make this video?” in the description to pique your interest. If you click on the link, you’ll be taken to a fake Facebook login page with a message about confirming your information before you can access the video. Here’s what it looked like when I tried this on a burner Android phone that I had lying around:

Now if you’re paying close attention to this login prompt, you’ll see right off the bat that this is fake. Not only does it not look right due to the website address not being from facebook.com for example, but Facebook has zero need to re-authenticate you in a manner like this. At this point the scammers not only have access to your account, but from what I can tell they also take your entire friends list and use it so that they can send this scam to others.

Here’s where it gets really nasty. There is also the possibility that you will get bombarded with offers varying from VPN services for sale to “free” phone deals that require you to pay shipping and handling. Which I assume are ways to grab your credit card details. Though part of me wonders if this is meant to buy time for the scumbags to use the info that they’ve harvested to perpetrate the scam.

And it doesn’t stop there.

While this is not an “infection” from computer virus perspective, the video scam only works by tricking someone into revealing their Facebook login credentials. And as far as I can tell, you can’t have your Facebook credentials stolen simply by clicking on the link and not entering anything. But based on my research, it is possible that an affected Facebook account can be cloned. Thus this would keep this scam going as the cloned account would be purporting to be you and sending out these messages to trick others into giving up their Facebook credentials.


So what if you get one of these messages in Facebook Messenger? Do not click on anything, delete the message and inform the person outside of Facebook that their Facebook account might have been compromised. That’s great if you haven’t clicked on anything. But if you have clicked on the links, and handed over your Facebook credentials, then time is of the essence. Get into your account as soon as you can (without clicking on any links that anyone just sent you!), assuming you can still access it, and change your password right away so the old password is useless to the criminals. These instructions will help you with that. Then you should force logout all devices that are associated with your Facebook account as this will stop the scumbags behind this attack cold. These instructions will help with doing that. You will then have to log into Facebook again from all your devices with the new password.

One thing that will protect you from this attack scenario is to use 2FA on any account you can. Adding a second factor of authentication means that the crooks can’t phish your password alone and then access your account. 2FA is a minor inconvenience to you, but a major roadblock for scumbags like the one behind this scam. This article from Facebook explains what 2FA is and how to turn it on. You should give it a read and consider utilizing 2FA.

Finally, if the scammers have already taken control of your Facebook account, you’ll need to go through Facebook’s account recovery process to regain access. In the case of this client, she recognized that she got scammed and quickly reached out to me so that help her to keep control of her Facebook account. Fortunately I was available, but I shudder to think what would have happened if I wasn’t.

Unfortunately the scams don’t stop coming. But as I trip over them, I’ll publish the info here and let you know how protect yourself from them.

Leave a Reply

%d bloggers like this: