{"id":7048,"date":"2016-04-13T09:08:52","date_gmt":"2016-04-13T13:08:52","guid":{"rendered":"https:\/\/kasperskydaily.com\/uk\/?p=7048"},"modified":"2020-02-26T15:11:51","modified_gmt":"2020-02-26T15:11:51","slug":"facebook-video-scam","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/facebook-video-scam\/7048\/","title":{"rendered":"Would you fall for Facebook 18+ video scam?"},"content":{"rendered":"<p>The story behind the post is plain and simple: yet another bad guy or a group of bag guys have decided to spread their malicious browser extension using Facebook. While their methods are blunt and obvious, a whopping 17,000 (and counting!) users have been caught using this very simple scam.<\/p>\n<p>Let us take you through the infection method step by step and ask some questions along the way. Please, answer them honestly. In the end we\u2019ll see if you may have fallen victim to a scam\u00a0to this one, before reading this post. (You sure wouldn\u2019t after!).<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/4F4qzPbcFiA?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p>So, the malefactor starts by hijacking several Facebook accounts. On their behalf the criminal posts a link to something that is supposed to be a YouTube video suitable for adults only. The bad guys also tag about a dozen friends of each of those accounts. The resulting post looks like that:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-7050\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2016\/04\/05193940\/scr1.png\" alt=\"scr1\" width=\"997\" height=\"552\"><\/p>\n<p><b>Question 1: Would you click on that link?<\/b><\/p>\n<p>Now if you said no, we suggest that you develop some useful, good paranoia. If a friend of yours wanted you to click on a link, he would surely give you a better description as to why you should click said link.<\/p>\n<p>If you see a post like that, your useful paranoia will suggest that it\u2019s 99% certain that theres something wrong with it. There are two possible solutions: either do not click on the link at all, or click and be extremely cautious about what you do next.<\/p>\n<p>It turns out that more than 17,000 people actually clicked on links similar to this. The link brings you to the site with an embedded video. The site looks like that:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-7051\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2016\/04\/05193938\/scr2.png\" alt=\"scr2\" width=\"943\" height=\"888\"><\/p>\n<p><b>Question 2: Does that site look like YouTube to you?<\/b><\/p>\n<p>Well, the best way to answer that question is to compare the actual YouTube page and that page. Like that:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-7052\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2016\/04\/05193936\/scr3.jpg\" alt=\"scr3\" width=\"1024\" height=\"364\"><\/p>\n<p>Ouch, that wasn\u2019t YouTube. The real YouTube seems to have more a lot more content on the page, and a quick look at the webpage\u2019s address could have solved all of your doubts. So if that page is not YouTube, why would someone try to design it to look as if it was YouTube? The answer is simple: to fool you and to gain access to either your computer or your social networks.<\/p>\n<p>The video would not play, and the page would suggest that you install a browser extension in order to play it (in this particular case the extension was called \u2018Profesjonaly Asystent\u2019, which means \u2018Professional Assistant\u2019 in a rather bad Russian translation).<\/p>\n<p><strong>Question 3: If a page suggests that you install a browser extension, would you do that?<\/strong><\/p>\n<p>Surprise! The extension is malicious. Google has yet to remove it from the Chrome Web Store. So now it is still there and it has no description, no screenshots and only one rating (probably, the developers themselves to make sure it looks legitimate). This extension doesn\u2019t actually tell you\u00a0what it does \u2014 so why would you install it?<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-7053\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2016\/04\/05193935\/scr4.png\" alt=\"scr4\" width=\"1024\" height=\"574\"><\/p>\n<p>When installed, that extension has access to all the data the user inputs in their browser, including their logins, passwords and credit card information \u2014 as soon as they type it in on some site. So the extension steals that data.<\/p>\n<p>It also makes sure to re-post the same link using your, now stolen, social media account details.<\/p>\n<p>So, there were three moments when being a tiny little bit paranoid could have saved a user from losing their private data. Maybe calling it paranoia is too much, maybe we\u2019d better call it common sense. So, now you know what to do in order to avoid this particular infection. But there are others of its kind. What can you do to stay protected?<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">7 simple steps to avoiding Facebook <a href=\"https:\/\/twitter.com\/hashtag\/phishing?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#phishing<\/a> attempts \u2013 <a href=\"https:\/\/t.co\/Qj68bST6HQ\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/Qj68bST6HQ<\/a> <a href=\"http:\/\/t.co\/V6rinEa2jI\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/V6rinEa2jI<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/591696979945791489?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 24, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>1. Learn about the <a href=\"https:\/\/www.kaspersky.co.uk\/blog\/avoid-phishing-facebook\/5605\/\" target=\"_blank\" rel=\"noopener\">types<\/a> and <a href=\"https:\/\/www.facebook.com\/help\/524275404355719\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">variations<\/a> of Facebook scams. There are several methods how the malefactors try to trick you into installing something on your device \u2014 you\u2019d better know these methods and not fall for them.<\/p>\n<p>2. Check the list of installed extensions in your web browser. \u00a0Are you sure you know what each of them are\u00a0for? If there are unknown extensions \u2014 be sure to get rid of them.<\/p>\n<p>3. If you see a friend posting something strange (or similar to what you\u2019ve seen above), let them know. \u00a0They were probably hacked and believe me, they\u2019d be grateful you told them!<\/p>\n<p>4. Install a good security solution. <a href=\"https:\/\/www.kaspersky.co.uk\/advert\/?redef=1&amp;THRU&amp;reseller=gb_nfckdailyit_acq_ona_smm__onl_b2c_kasperskydaily_lnk_______\" target=\"_blank\" rel=\"noopener noreferrer\">Kaspersky Internet Security<\/a> detects malicious browser extensions and deletes them before they can do any harm to you.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Check this out to know if you want to fall for one of the latest Facebook scams<\/p>\n","protected":false},"author":696,"featured_media":7049,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2026,9],"tags":[1416,1417,1407,20,877,701,58],"class_list":{"0":"post-7048","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"category-tips","10":"tag-1416","11":"tag-adult","12":"tag-browser-extensions","13":"tag-facebook","14":"tag-private-data","15":"tag-scam","16":"tag-video"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/facebook-video-scam\/7048\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/facebook-video-scam\/6996\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/facebook-video-scam\/8142\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/facebook-video-scam\/7968\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/facebook-video-scam\/11611\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/facebook-video-scam\/2011\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/facebook-video-scam\/11829\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/facebook-video-scam\/5541\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/facebook-video-scam\/7498\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/facebook-video-scam\/11013\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/facebook-video-scam\/11611\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/facebook-video-scam\/11829\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/facebook-video-scam\/11829\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/18\/","name":"18+"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/7048","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/696"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=7048"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/7048\/revisions"}],"predecessor-version":[{"id":19274,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/7048\/revisions\/19274"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/7049"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=7048"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=7048"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=7048"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}