The latest scam targets Messenger and affects not only the victim but also his friends. They are the main target of the attack, which makes this threat spread faster than others. It starts with an innocent question: the attacker sends the victim’s friends a video with a simple sentence, “Is that you in the video?”.
If you’ve ever wondered why attackers want your passwords for messaging apps and social networks, it’s not just to see your photos and statuses. They can also sell them to other attackers. Or use them to get more victims – if they send something like that from your profile, your contacts are more likely to click on it than if it came from a fake account.
It can be anything – a misleading investment plan, a fake login page (for PayPal, for example), a form to fill out, an offer to sell pots, or any other kind of snake oil. The psychology behind it is very strong and dangerous – the video was sent to me by an acquaintance and it doesn’t look harmful, so why not click on it?
A threat called Are You In The Video?
This threat was discovered by the Naked Security portal of the well-known security company Sophos. They were informed by a reader who received a video with the sentence mentioned above.
You would not hesitate to open such a message, especially if it came from a friend with whom you communicate often. The question sounds serious and surprising, and it is all meant to arouse your curiosity. It could be a secret video that you don’t know about, one that your friend found somewhere on the internet, and you have no idea what its content may be.
In fact, it is not a video but an image with a link behind it. The link redirects you to a “Facebook” login window that does not have HTTPS security. Sophos has obscured the link, though that may be because the picture is illustrative and is really just a modified image of the real Facebook.
According to Sophos, this is a randomly generated address located on a Hungarian hosting service. The most important fact about these fraudulent sites is that they do not have HTTPS security.
Today, every legitimate and current site (even in Slovakia) is gradually moving to HTTPS. It is a more secure protocol than the older HTTP. By the way, Facebook was one of the first services to switch to full HTTPS in 2012.
After entering your login details, you would then be redirected to a strange address hosted on a cheap hosting service in the US.
It was clear to the reader of Sophos that his acquaintance not only clicked on a similar link, but also entered his login details into this fraudulent Facebook. As a result, the attackers were able to access his database of friends and spread the threat.
After the login page
The fraud continues and tries to confuse the victim, which can buy the attackers a little more time. After logging in, the victim is served another fraudulent site, one of several prepared in advance, Sophos adds.
Sophos mentions that these sites do not look like they were created by the same attackers, so it is more than possible that the attackers want to make money by sending you to the fraudulent sites of their partners. From these partners they are likely to receive a reward for each victim. It’s basically a small network of scams.
The other sites try to sell you a fraudulent VPN service or available telephone services (with a monthly fee of about 2 euros); their task is to obtain your debit / credit card data.
How to protect yourself?
- Use two-factor authentication wherever it’s available – abbreviated to 2FA, it adds an additional step to verify your identity. It is offered by the largest portals – Google, Facebook, but also our Slovak banking applications. It can take the form of an SMS message with a code, an e-mail with a code, a PIN code, a fingerprint on a mobile phone or another form – PIE code 365 bank (you enter a few emoticons in the correct order).
- If you think your friend’s account has been compromised, let him know in another way – If you write this to the same account that someone else got into, it is possible that they will try to convince you that this is not true and that everything is fine. If the attackers do not speak Slovak, then of course they will not convince you with standard Slovak – at most poorly translated Slovak.
- If someone notifies you that your account has been compromised, don’t hesitate for a second – Change your password immediately in the application or on the site. If someone sends you something, it’s better not to trust them, even if it’s your acquaintance – someone else can write for them. Change your password to a stronger one, preferably according to our instructions.
- Use a password manager – It can automatically generate secure passwords for you, remember them, and also enter them into the right page. A password manager also has the advantage that if a similar scam tries to get your password from you, the password manager will know that the site is different. This is because it evaluates the page by its domain, not by the images and content on the page.
- Use antivirus with web filter – Such an antivirus will alert you to a fraudulent site. The web filter will simply prevent you from accessing such a fraudulent site, so it will not let you reach the mentioned login form either.
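
The domain check described in the password manager tip above, as an added example (not code from Sophos or from any particular password manager). The vault entry, the `autofillDecision` helper and all URLs are constructed for illustration, and refusing to fill over plain HTTP is an assumed policy.

```javascript
// Added example: the autofill decision a password manager makes from the
// page's address alone. Vault entry and URLs are constructed sample data.
const VAULT = [{ site: "facebook.com", username: "sample.user" }];

// Decide whether a saved login may be filled into the page at pageUrl.
function autofillDecision(pageUrl, vault = VAULT) {
  let url;
  try {
    url = new URL(pageUrl); // WHATWG parser: lowercases the host, splits off userinfo
  } catch {
    return { fill: false, reason: "unparseable URL" };
  }
  // Assumed policy: never fill a saved login into a page served without HTTPS.
  if (url.protocol !== "https:") {
    return { fill: false, reason: "not HTTPS" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Match only the saved domain itself or a true subdomain of it. The leading
  // "." keeps "notfacebook.com" from matching "facebook.com". (Simplified:
  // real managers also consult the Public Suffix List.)
  const entry = vault.find(
    (e) => host === e.site || host.endsWith("." + e.site)
  );
  if (!entry) {
    return { fill: false, reason: `no saved login for ${host}` };
  }
  return { fill: true, reason: `saved login for ${entry.site}`, username: entry.username };
}

// Constructed pages: the real site, then addresses that only look like it.
const samples = [
  "https://www.facebook.com/login",
  "http://www.facebook.com/login",
  "http://random-name.hosting.example/facebook/login.html",
  "https://facebook.com.login.example/",
  "https://facebook.com@login.example/",
  "https://notfacebook.com/",
];
for (const s of samples) {
  const d = autofillDecision(s);
  console.log(`${d.fill ? "FILL " : "BLOCK"} ${s} (${d.reason})`);
}
```

Only the first sample is filled; the rest are refused no matter how closely the page imitates the Facebook login window.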