Facebook Messenger scam steals passwords and hijacks accounts


Facebook users have fallen victim to a scam that installs software onto their computers to steal sensitive information, including usernames, passwords and financial details.

The vicious programme has spread around Facebook users through a link in Messenger that is sent from hijacked accounts to all of a victims’ friends.

The link appears to be for a photo saved in the new SVG format. But it is in fact malicious and clicking on it takes unsuspecting users to a fake version of YouTube’s website, which asks them to add a Chrome extension to their browser in order to watch a video.

Once installed, the Chrome extension has the ability to read and change all of the data on the websites you visit.

Invisible on the Chrome toolbar, the malicious browser add-on can steal and change information related to every website a victim visits, including login details and passwords. Cyber criminals could use it to retrieve a victim’s online banking login details and harvest financial information, for example.

At the same time, the extension hijacks the victim’s Facebook account and sends the link to all of their friends to spread the malware.

Bart Parys, a computer security researcher who drew attention to the scam, said it could also be used to install ransomware onto a victim’s computer, which encrypts all stored information, such as documents, music and pictures. This makes it inaccessible to the owner until they have paid a ransom of anywhere between 0.1 and 1 bitcoin (£59 to £592).

Parys said it looks like Facebook and Google have spotted the scam and have safeguarded against it. “It seems that the Chrome extensions have been removed, and the SVG filetype is now being filtered for in Facebook,” he said.

Facebook said it is aware of the scam and that it has taken action against it.

“We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook,” the company said. “We are already blocking these ones from our platform, and we have reported the bad browser extensions to the appropriate parties.”

The social network also said it notifies users who are acting suspiciously if it thinks their computer could have been infected with malware. It also offers a free anti-virus scan from a partner company.

Google declined to comment.

Parys warned that Facebook users should be wary of clicking on unsolicited links even if they are from a friend. In this case, the link arrives without any accompanying message or description, which should pique users’ suspicion.

He also said users couldn’t rely on companies such as Google and Facebook’s security controls completely and that they should use an antivirus as an extra line of defence.

To safeguard sensitive information against this type of hack and others, security experts advise the use of strong passwords and to never use the same one more than once.

Source: The Telegraph