Cyber criminals are using Facebook Messenger to trick people into opening malicious links that harvest their personal data, FBI officials warn

Joe Pinkstone | The Daily Mail | Source URL

FBI agents have issued a warning about a new scam that targets instant messaging apps, including Facebook Messenger.

The scam attempts to trick users into opening a malicious URL that harvests their personal data and login credentials for social networks, like Facebook.

In a bid to coerce people into opening the suspicious URL, cyber criminals pose a question to their targets: ‘Hey I saw this video. Isn’t this you?’ 

Although the original warning from the FBI highlighted Facebook Messenger as a particular platform of concern, this has since been amended after the scam was found on other rival platforms.  

It’s unclear how many people have been hit by the latest scam, or how exactly cyber criminals are generating revenue.

However, email address and password combinations used to login to popular social networks and websites are regularly sold on the dark web. 

The most common version of the scam highlighted by the FBI’s Portland office takes the user to a fraudulent website designed to resemble the Facebook login page.

The webpage is a fake controlled by a fraudster who is able to steal any details inputted by users mistakenly believing they’re logging into their Facebook account. 

If people use the same email address and password combination on other websites, hackers can use the stolen details to login to those as well.

This can allow criminals access to online banking, or frequent flyer miles.

Other forms of the scam can be more direct in approach, taking targeted users to a page that automatically harvests their login credentials, the FBI warns.

According to the FBI staff member, they first witnessed the scam after they were contacted by a friend on Facebook Messenger.

‘The message included a video link and read: “Hey I saw this video. Isn’t this you?”,’ the FBI agent explained. ‘I was suspicious, so I didn’t click on the link.

‘The next day he contacted me outside of the app and said that fraudsters had hacked his account and to not click on any of the links that were sent because they contained a computer virus.’

Warning the public, the FBI said: ‘The best way to spot and avoid these scams is to avoid clicking on any links that you receive from friends or family until you contact the sender outside of app to verify that he was the one who really sent the message.

‘If you are concerned about the legitimacy of a particular account, report it through Facebook.’

MailOnline has approached Facebook for comment.  

The FBI office in Portland issued a warning about the popular new scam and the intelligence agency highlighted Facebook Messenger in its warning, before updating the post to confirm the scam was prevalent on other messaging app

The scam was uncovered on Facebook Messenger, but it is not unique to the Menlo Park-based firm and variants have been seen on a variety of instant messaging apps.

The latest warning follows a swathe of scams that have hit Facebook Messenger’s sister app WhatsApp.

Last month, a message was circulating promising free family passes to Paultons Theme Park – the home of Peppa Pig World.

Fans of Peppa Pig who mistakenly believed the offer was genuine shared the scam with friends and family to try to get free tickets to the theme park, which is found in Hampshire, England.

The Peppa Pig World scam spread rapidly across social media, forcing Paultons Theme Park to speak out about the hoax.

Park bosses warned WhatsApp users not to share the malicious message with friends, and instead delete the text immediately.

Paultons took to Twitter to combat rumours of the free tickets.

After clicking on the link (pictured), users are taken through to a site riddled with malicious software. The page, which is in no way affiliated with any legitimate ticket sourcing site, requests users input personal information

Paultons took to Twitter to combat the circulating rumours. It posted: 'We have been made aware of of a possible scam circulating via WhatsApp regarding Paultons tickets. This is not a genuine offer or in any way affiliated with Paultons Park. If you receive a message like this we urge you to delete it'

It cautioned: ‘We have been made aware of a possible scam circulating via WhatsApp regarding Paultons tickets.

‘This is not a genuine offer or in any way affiliated with Paultons Park. If you receive a message like this we urge you to delete it.’

In June, a similar hoax was ding the rounds on WhatsApp, this time using the Staffordshire based theme park Alton Towers as a ruse. 

This version touted five free passes to Alton Towers for people that clicked the link and shared the message to 20 friends on the app.

The fake giveaway claimed to be a celebration of the theme park’s 110th birthday. 

Alton Towers urged people to avoid the fake giveaway.

A spokesperson for the Staffordshire attraction said: ‘We are aware of a ticket offer being shared on social media that claims to be from Alton Towers Resort.

‘This is not a genuine offer, or in any way affiliated with Alton Towers.

‘Action is being taken to remove this offer and we urge guests not to share their personal details or forward the offer to their contacts.’

A WhatsApp 'offer' that professes to give away free Alton Towers ticket has been revealed as a scam by theme park bosses. The fake giveaway quickly went viral on the app, with users believing they needed to share the message to 20 friends to receive the gratuitous offer

WHAT SHOULD YOU DO IF YOU THINK YOU HAVE BEEN SCAMMED? 

1. Contact the company or person who took your money – this could be fruitless if it’s a scam, but it should be your first port of call.

2. If you bought something costing £100 or more on a credit card, you may be able to claim it back under a little-known law: Section 75. Once you’ve paid using a credit card, the card provider and retailer are locked into a legally binding contract, so if the retailer can’t or won’t refund you, you can raise the dispute with your card provider. 

3. If you can’t claim the money back via Section 75 you could try using the chargeback scheme. It’s a voluntary agreement by your debit or charge card provider to stand in your corner if anything goes wrong.

4. Unfortunately, if you’ve transferred the money using sites such as Moneygram, Western Union or PayPal, you generally can’t get your money back once you’ve handed it over.

Source: Money Saving Expert 

WHAT DOES WHATSAPP’S ALTON TOWERS SCAM LOOK LIKE?  

There are a number of versions of the scam text, with some subtle differences.

Since the scam encourages users to forward the malicious text onto a friend, it’s possible your contacts will change the content of the message.

However, one popular version of the fraudulent text says: ‘Alton Towers is giving away 5 free tickets to 500 families.’

Another variation reads: ”We’re giving 5 free passes to 500 families to celebrate our 110nd birthday!’

After clicking on it, users are asked to fill in an online survey.

The malicious website then encourages visitors to send it onto their friends within the chat app.

Leave a Reply

Your email address will not be published. Required fields are marked *