{"id":11829,"date":"2016-04-13T09:00:45","date_gmt":"2016-04-13T13:00:45","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=11829"},"modified":"2020-02-26T11:08:43","modified_gmt":"2020-02-26T16:08:43","slug":"facebook-video-scam","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/facebook-video-scam\/11829\/","title":{"rendered":"Would you fall for Facebook 18+ video scam?"},"content":{"rendered":"<p>The story behind the post is plain and simple: yet another bad guy or a group of bad guys have decided to spread their malicious browser extension using Facebook. While their methods are blunt and obvious, a whopping 17k (and counting!) users have been caught in this scam.<\/p>\n<p>Let us take you through the infection method step by step and ask some questions along the way. Please answer them honestly. In the end we\u2019ll see if you may have fallen victim to a scam like that before reading this post. You sure wouldn\u2019t after.<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/4F4qzPbcFiA?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p>So, the malefactor starts by hijacking several Facebook accounts. On their behalf the criminal posts a link to something that is supposed to be a YouTube video suitable for adults only. The bad guys also tag about a dozen friends of each of those accounts.
The resulting post looks like this:<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2016\/04\/06022450\/scr1.png\" rel=\"attachment wp-att-11831\"><img decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2016\/04\/06022450\/scr1.png\" alt=\"Would you fall for Facebook 18+ video scam?\" width=\"997\" height=\"552\" class=\"aligncenter size-full wp-image-11831\"><\/a><\/p>\n<p><b>Question #1: Would you click on that link?<\/b><\/p>\n<p>Now if you said no, we suggest that you develop some useful, good paranoia. If a friend of yours wanted you to click on a link, he would surely give you a better description as to why you should click.<\/p>\n<p>If you see a post like that, your useful paranoia will suggest that it\u2019s 99% certain that there is something wrong with it. There are two possible solutions: either do not click on the link, or click and be extremely cautious about what you do next.<\/p>\n<p>It turns out that more than 17k people actually clicked. The link brings you to a site with an embedded video. The site looks like this:<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2016\/04\/06022451\/scr2.png\" rel=\"attachment wp-att-11830\"><img decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2016\/04\/06022451\/scr2.png\" alt=\"Would you fall for Facebook 18+ video scam?\" width=\"943\" height=\"888\" class=\"aligncenter size-full wp-image-11830\"><\/a><\/p>\n<p><b>Question #2: Does that site look like YouTube to you?<\/b><\/p>\n<p>Well, the best way to answer that question is to compare the actual YouTube page and that page.
Like this:<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2016\/04\/06022449\/scr3.jpg\" rel=\"attachment wp-att-11832\"><img decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2016\/04\/06022449\/scr3.jpg\" alt=\"Would you fall for Facebook 18+ video scam?\" width=\"2498\" height=\"888\" class=\"aligncenter size-full wp-image-11832\"><\/a><\/p>\n<p>Ouch, that wasn\u2019t YouTube. The real YouTube seems to have a lot more content on the page, and a quick look at the webpage\u2019s address could have resolved all of your doubts. So if that page is not YouTube, why would someone try to design it to look as if it was YouTube? The answer is plain, simple and bitter tasting: to fool someone and to cause them harm.<\/p>\n<p>The video would not play, and the page would suggest that you install a browser extension in order to play it (in this particular case the extension was called \u2018Profesjonaly Asystent\u2019, which means \u2018Professional Assistant\u2019 in a rather bad Russian transliteration).<\/p>\n<p><b>Question #3: If a page suggests that you install a browser extension, would you do that?<\/b><\/p>\n<p>We\u2019ll spoil the \u201csurprise\u201d for you: the extension is malicious. Please don\u2019t install it. A few hours before this post went online, Google finally removed the extension from the Chrome Web Store. But it had been there for almost a week \u2013 with no description, no screenshots and only one rating (the developers themselves probably rated it 5 stars out of 5).
This extension does not tell you what it does \u2014 so why would you install it?<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2016\/04\/06022445\/scr4.png\" rel=\"attachment wp-att-11835\"><img decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2016\/04\/06022445\/scr4.png\" alt=\"Would you fall for Facebook 18+ video scam?\" width=\"1280\" height=\"718\" class=\"aligncenter size-full wp-image-11835\"><\/a><\/p>\n<p>When installed, that extension has access to all the data the user inputs in their browser, including their logins, passwords and credit card information \u2014 as soon as they type it in on some site. So the extension steals that data.<\/p>\n<p>The other thing it does is post the same link to the same video on the victim\u2019s Facebook page, thus continuing to spread the malware.<\/p>\n<p>So, there were three moments when being a tiny little bit paranoid could have saved a user from losing their private data. Maybe calling it paranoia is too much, maybe we\u2019d better call it common sense. So, now you know what to do in order to avoid this particular infection. But there are others of its kind.
What can you do to stay protected?<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">7 simple steps to avoiding Facebook <a href=\"https:\/\/twitter.com\/hashtag\/phishing?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#phishing<\/a> attempts \u2013 <a href=\"https:\/\/t.co\/Qj68bST6HQ\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/Qj68bST6HQ<\/a> <a href=\"http:\/\/t.co\/V6rinEa2jI\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/V6rinEa2jI<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/591696979945791489?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 24, 2015<\/a><\/p><\/blockquote>\n<p>1. Learn about the <a href=\"https:\/\/www.kaspersky.com\/blog\/avoid-phishing-facebook\/8072\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">types<\/a> and <a href=\"https:\/\/www.facebook.com\/help\/524275404355719\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">variations<\/a> of Facebook scams. There are several typical methods malefactors use to try to trick you into installing something on your device \u2014 you\u2019d better know these methods and not fall for them.<\/p>\n<p>2. Check the list of installed browser extensions. Are you sure you know what each of them is for? If there are some unknown extensions \u2014 be sure to get rid of them.<\/p>\n<p>3. If you see a friend of yours post something like the thing described in this post, please notify them. They probably got hacked and we believe they would be grateful that you\u2019ve warned them.<\/p>\n<p>4. Install a good security solution.
<a href=\"https:\/\/www.kaspersky.com\/advert\/multi-device-security?redef=1&amp;THRU&amp;reseller=gl_KDpost_pro_ona_smm__onl_b2c_kasperskydaily_lnk____kismd___&amp;_ga=1.190087593.300785052.1449065439\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Kaspersky Internet Security<\/a> detects malicious browser extensions and deletes them before they can do any harm to you.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Check this out to know if you want to fall for one of the latest Facebook scams<\/p>\n","protected":false},"author":696,"featured_media":11834,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2683,9],"tags":[1550,1551,1278,20,914,726,58],"class_list":{"0":"post-11829","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"category-tips","10":"tag-1550","11":"tag-adult","12":"tag-browsers","13":"tag-facebook","14":"tag-private-data","15":"tag-scam","16":"tag-video"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/facebook-video-scam\/11829\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/facebook-video-scam\/7048\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/facebook-video-scam\/6996\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/facebook-video-scam\/8142\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/facebook-video-scam\/7968\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/facebook-video-scam\/11611\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/facebook-video-scam\/2011\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/facebook-video-scam\/5541\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/facebook-video-scam\/7498\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/facebook-vide
o-scam\/11013\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/facebook-video-scam\/11611\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/facebook-video-scam\/11829\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/facebook-video-scam\/11829\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/18\/","name":"18+"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/11829","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/696"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=11829"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/11829\/revisions"}],"predecessor-version":[{"id":33672,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/11829\/revisions\/33672"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/11834"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=11829"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=11829"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=11829"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}