How to stop getting hacked on Facebook
A new scam involving Facebook users is currently surging worldwide. It involves enticing messages, supposedly from a friend reading: “look what I found”.
The phishing scam targets people via Facebook Messenger, as scammers are able to send these fake messages to the contacts of people whose Facebook accounts had previously been compromised.
Along with the “look what I found” message, which is often followed by one or multiple emojis, comes a link. Once you click on it, you’re taken to a malicious webpage that asks for your Facebook log-in. This is where they will obtain sensitive information and even attempt to install malware onto the device.
The scam has been known about for several years but recently appears to be surging out of control. It’s one of a number of scams targeting people via Messenger.
Another example is one where people receive a message from a friend saying, “is this you in this video?”, or similar.
“Messages seemingly coming from a Facebook friend much more likely result in clicks than messages sent by strangers, because people might only or primarily focus on the sender’s name at first rather than the message content, regardless whether that has red flags,” Leslie Sikos, a cyber security expert from Edith Cowan University says.
“There are many scams of this sort, meaning that there is no single appearance or behaviour users could learn to avoid.
“Note that if someone is tricked by a message and they click a scam’s link, they still might not be victims in the end if they can realise it’s a scam by keeping an eye on the website loading process, which would reveal the redirection to a malicious website.”
Here's what to look out for
Dr Sikos says while the scam can be difficult to detect, there could be a number of seemingly obvious clues that give away a phishing message.
“(For example) there is no proper greeting and/or signature that would match the style of the sender,” he said.
“Scams often have bad grammar or typos that can also indicate their true nature. For example, ‘look what i found’ instead of ‘Look what I’ve found’.”
He's also flagged to look out for a “gibberish, obviously machine-generated and fake domain name that, when clicked, would actually redirect you to another domain”.
Other clues to indicate a phishing message include: the message came from a Facebook friend who you wouldn’t normally chat with, or the message was sent at a strange hour of the day or night.
Image: Getty