Beware! A new Facebook malware hack is being sent to users via Facebook Messenger
Over the weekend, a Facebook friend of mine noticed an odd message (via Facebook Messenger) was sent to her from someone who normally only communicates by leaving comments on my friend's timeline, not by messages.
I also received the same message from this person (she is also a Facebook friend of mine), though I hadn't been on Facebook, never clicked on it, and just took a screen shot of this message today:
Unfortunately, my friend clicked on the link in this message, while on her phone. Once she clicked on the link, it appeared as though she was somehow logged out of her Facebook account. The page she now saw before her displayed what seemed to be standard Facebook login text fields for the email and password. She entered both and clicked submit. She was then brought to a page with a Youtube-like link (the page shown below was accessed on a test computer at Ware Repair, and so may not be the exact page seen by my friend, though she confirmed it looks similar):
After clicking on the Youtube button, my friend suddenly realized something felt very wrong with all of this. She then closed out of the web page and figured she had ended the issue. However, over the next few days, many of her Facebook friends informed her they had received a suspicious message from her, and suspected her account had been hacked. Below is the message I received from her Facebook account (note the similarity to the first one I received, though it's a bit different):
The message really attempts to peak your interest - notice how it implies over a hundred thousand people clicked on a video, about me? Haha, sure. But you can certainly see how this can trick someone.
According to this article, if you click on the link, malware will be downloaded to your system that can access or track your personal information, such as credit cards, banking information, etc.
We are not sure what happens when you click on the Youtube link, since my friend closed off her browser immediately after she clicked on it, but it certainly cannot be good.
From the link for the article above, Facebook is recommending that anyone infected with this malware should change their password and "check that their details have not been used elsewhere". Yes. This is quite important. Probably most worrisome of all about this hack is that now the hackers know your password. Is this the same password you use for your banking account? Or is it the same password you use for any online sites where you purchase items and store your credit card information?
Definitely gives more credence to the premise that you should use a different password for each of your online accounts.
Doing a Google search barely found much more information on this hack, since it appears to be so new. Nevertheless, here is another link that mentions it.