Jan 4, 2011 12:06 GMT

A new spam campaign lures Facebook users to a phishing page by tricking them with an alleged funny video of themselves.

The spam messages read: "Heyy , What the heck are you doing in this video?? LOL!" and direct users to links of the form http://apps.facebook.com/[removed].

People who fall for this social engineering trick and click on the link are redirected to a page that mimics the Facebook login form but is hosted on an external website, outside the facebook.com domain.

The page is designed to make users believe their session has expired and that they need to log in again. Credentials typed into the fake form go to the attackers, who use the hijacked accounts to send the same spam to the victims' friends and keep the scam propagating.
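The only reliable tell in this attack is the host serving the login form. As an added example (not code from the original article), the function below applies the check a user should make in the address bar before typing a password into a "session expired" form: the page must be served over HTTPS from a host on an exact allow-list. The allow-list and the sample URLs are constructed for this example and are not taken from the campaign; the sample set covers the three usual ways a phishing host is made to look like Facebook: credentials in the URL (`www.facebook.com@evil.example`), the legitimate name used as a subdomain prefix (`facebook.com.evil.example`), and the legitimate name appearing only in the path.

```python
from urllib.parse import urlsplit

# Hosts allowed to present a Facebook login form. This list is an
# assumption for the example; in practice it would come from policy.
LEGITIMATE_HOSTS = {"facebook.com", "www.facebook.com", "m.facebook.com"}


def is_genuine_facebook_login(url: str) -> bool:
    """Return True only if `url` is served by Facebook itself over HTTPS.

    These are the checks a user should make in the address bar before
    entering a password into a "your session expired" form.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        # Malformed URL (e.g. unbalanced IPv6 brackets): do not trust it.
        return False
    if parts.scheme != "https":
        # A login form over plain http is either not Facebook's or has
        # been tampered with on the way to the browser; refuse either way.
        return False
    # `hostname` strips any user:pass@ prefix and any port, so
    # https://www.facebook.com@evil.example/ yields "evil.example" here.
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False
    # Exact match only. A suffix test such as host.endswith("facebook.com")
    # would accept "notfacebook.com"; a substring test would accept
    # "facebook.com.evil.example".
    return host in LEGITIMATE_HOSTS


# Constructed sample URLs (not from the original campaign) exercising the
# tricks a phishing page typically relies on.
SAMPLE_URLS = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "https://www.facebook.com@evil.example/login.php",
    "https://facebook.com.evil.example/login.php",
    "https://notfacebook.com/login.php",
    "https://evil.example/facebook.com/login.php",
    "https://www.facebook.com:443/login.php",
]


def classify(urls):
    """Map each URL to True (genuine) or False (treat as phishing)."""
    return {u: is_genuine_facebook_login(u) for u in urls}


if __name__ == "__main__":
    for url, ok in classify(SAMPLE_URLS).items():
        print(f"{'GENUINE ' if ok else 'PHISHING'}  {url}")
```

Note that the links in this campaign start at apps.facebook.com and only then redirect outward, so the check has to be applied to the page that actually renders the form, after all redirects, not to the link as it appears in the spam message.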

Facecrooks reports that there are also variations of this attack, one of which uses a "What are you doing in this Photo" lure.

This social engineering trick is not new; worms that spread through instant-messaging spam have relied on the same kind of lure for years.

Users who fall victim to such a phishing attack should immediately reset their Facebook password and also change it on any other website where the same password was reused, since the attackers can try the stolen credentials elsewhere.

After regaining control of the account, they should open the Account Security section under Account Settings and end any active sessions they do not recognize, so that anyone still logged in with the stolen credentials is forced out.

Ultimately, these attacks affect only a small percentage of Facebook users, but with a user base of well over 500 million, even a small percentage means a lot of accounts.

For example, a phishing attack spotted on the social network in October and analyzed by security researchers from Kaspersky Lab was gaining around 3,000 new victims every 20 minutes.

Users are advised to treat links received on Facebook and other social media websites with suspicion regardless of whether they appear to come from trusted contacts, since a compromised account sends its spam in the owner's name.