A Facebook phishing scam is stealing login credentials by using pornographic images — Scammers are using Facebook groups to spread their campaign!
There is no way to stop cyber criminals from stealing login credentials of innocent social media users — Recently, one of the HackRead’s writers found a Facebook phishing scam targeting users and stealing their login data. What makes this phishing scam dangerous is the fact that apparently non of the phishing filters have detected any wrongdoing with the links used in this campaign.
Cyber criminals behind this scam have three motives one is to steal users’ login credentials, the second is to get some likes on their Facebook page and third is to profit financially. It starts with scammers posting a link in the comments section of several Facebook groups with a large thumbnail of a nude girl but to make it look like a legit link scammers also mention that video already got hundreds of comments, shares plus thousands of views. The description on the link goes something like this ”groups teen-girl-japannese-18-[retracted]–010 Click HERE to view video recorded 2.381 Likes, 749 Comments, 9.185 Views, 571 Share.”
This scam is similar to the recently reported ”Facebook comment tagging malware scam”. Here are two images we collected from the original post showing a play button tricking users into playing a video which is actually phishing link:
Upon clicking the so-called play button an automatic tab opens on user’s browser asking them to login with their Facebook login email or phone and password. Upon logging in; the user becomes a victim with their email and password being sent to the cyber criminal meanwhile they are being redirected to an online survey website asking them a bunch of question and eventually congratulating them on completing the survey.
In some cases, users are redirected to another website which downloads fake version of flash player on their device. It’s still unclear if the downloaded file is infected with a malware or adware, in both cases, users have everything to lose.
Good news is that if you are using Google Chrome; it already prevents users from accessing the site hosting this scam however scammers are smart and they are already using other domains to run this scam and at the time of publishing this article; Chrome didn’t show any warnings whatsoever.
So be careful, it is recommended to login to Facebook through an official App or by entering the address into the browser’s address bar instead of clicking links.