Updated 20-March: My initial analysis was limited due to traveling without my laptop, and with unreliable data service. I've updated the post with a few additional domains to block, and to show the different behavior on mobile versus PC.





There’s a scam making the rounds on Facebook, making use of Facebook Messenger to spread. (Sysadmins, scroll to the bottom for a list of domains to block).



It starts when you receive a message from a friend that simply contains your name, together with your profile picture styled to look like the preview of a video with hundreds of thousands of views. The implication is that there is a “Facebook Video” of you that has gone viral.

Of course, this implication is false. When you click the image to see the video, one of a few things happens. On a PC, the link goes through a few forwarding addresses and ends up at a blank BlogSpot website. On mobile devices, you may see a message indicating you have won something, or you may see what appears to be a login screen for “Facebook Videos.” I’ve attached some screenshots below.
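The PC-versus-mobile difference means the forwarding chain is serving different destinations depending on the client. A quick way to triage a link like this is to walk its redirects hop by hop under a desktop and a mobile User-Agent and compare where each lands. The following is an added example, not code from the post; it runs against a constructed local mock of the forwarder (hypothetical paths, none of the scam's real domains) so it can be tried offline.

```python
import threading, urllib.error, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed stand-in for the cloaked forwarding chain described in the post:
# two hops, then a blank page for desktop browsers or a fake "Facebook Videos"
# login for mobile ones. Hypothetical paths; the real scam's domains are not used.
class CloakingHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        mobile = "Mobile" in self.headers.get("User-Agent", "")
        hops = {"/hop1": "/hop2", "/hop2": "/login" if mobile else "/blank"}
        if self.path in hops:  # 302 to the next hop
            self.send_response(302)
            self.send_header("Location", hops[self.path])
            self.end_headers()
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.end_headers()
        self.wfile.write(b"<title>Facebook Videos</title>" if self.path == "/login" else b"")
    def log_message(self, *args):  # keep the demo quiet
        pass

class NoFollow(urllib.request.HTTPRedirectHandler):  # make 3xx raise HTTPError
    def redirect_request(self, *args, **kwargs):
        return None

def resolve_chain(url, user_agent, max_hops=10):
    """Follow redirects one hop at a time with the given User-Agent; return URLs visited."""
    opener = urllib.request.build_opener(NoFollow())
    chain = [url]
    for _ in range(max_hops):
        req = urllib.request.Request(url, headers={"User-Agent": user_agent})
        try:
            opener.open(req).close()
            return chain  # 2xx reached: chain complete
        except urllib.error.HTTPError as err:
            location = err.headers.get("Location")
            if err.code not in (301, 302, 303, 307, 308) or not location:
                return chain  # non-redirect error: stop here
            url = urllib.parse.urljoin(url, location)
            chain.append(url)
    return chain  # hop limit hit: treat as a suspicious redirect loop

def start_mock_server():  # free localhost port; returns the base URL
    srv = ThreadingHTTPServer(("127.0.0.1", 0), CloakingHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return "http://127.0.0.1:%d" % srv.server_address[1]

def compare_destinations(base_url):
    """Final landing page per client type; differing answers are the cloaking tell."""
    agents = {"desktop": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
              "mobile": "Mozilla/5.0 (Linux; Android 8.0) Mobile Safari/537.36"}
    return {name: resolve_chain(base_url + "/hop1", ua)[-1] for name, ua in agents.items()}
```

Against a real link, point `resolve_chain` at the URL from the message and collect every host in the chain; those are the candidates for the block list, and a chain whose ending changes with the User-Agent is the tell that the link is cloaked.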



The “Facebook Videos” login screen is a phishing scam: if you “log in,” you are in fact giving your password to the scammer, who will immediately turn around and send the “video” bait to all of your contacts. This is how the scam spreads to new potential victims. I am fairly certain this is automated, effectively making this a Facebook worm that spreads as rapidly as people can be tricked.



As for the so-called prizes: more than likely, victims that try to claim the prizes will be asked for personal information and some sort of payment for “shipping fees.” Of course, there are no prizes, and anything that victims pay will be gone.