Watch Out, Facebook Users: Messenger Scam Steals Passwords and Hijacks Accounts

A smartphone user shows the Facebook application on his phone in the central Bosnian town of Zenica, in this photo illustration, May 2, 2013. Facebook Inc said July 24, 2013 that revenue in the second quarter was $1.813 billion, compared to $1.184 billion in the year ago period. (PHOTO CREDIT: Reuters/Dado Ruvic /Files)
A smartphone user shows the Facebook application on his phone. (PHOTO CREDIT: Reuters/Dado Ruvic /Files)

Facebook users have fallen victim to a scam that installs software onto their computers to steal sensitive information, including usernames, passwords and financial details.  

The vicious program has spread around Facebook users through a link in Messenger that is sent from hijacked accounts to all of a victims’ friends.

The link appears to be for a photo saved in the new SVG format. But it is in fact malicious and clicking on it takes unsuspecting users to a fake version of YouTube’s website, which asks them to add a Chrome extension to their browser in order to watch a video.

Once installed, the Chrome extension has the ability to read and change all of the data on the websites you visit.

Invisible on the Chrome toolbar, the malicious browser add-on can steal and change information related to every website a victim visits, including login details and passwords. Cyber criminals could use it to retrieve a victim’s online banking login details and harvest financial information, for example.

At the same time, the extension hijacks the victim’s Facebook account and sends the link to all of their friends to spread the malware.

Bart Parys, a computer security researcher who drew attention to the scam, said it could also be used to install ransomware onto a victim’s computer, which encrypts all stored information, such as documents, music and pictures. This makes it inaccessible to the owner until they have paid a ransom of anywhere between 0.1 and 1 bitcoin (£59 to £592).

Parys said it looks like Facebook and Google have spotted the scam and have safeguarded against it. “It seems that the Chrome extensions have been removed, and the SVG filetype is now being filtered for in Facebook,” he said.

Facebook and Google have not responded to requests for comment.

How to protect yourself

Parys warned that Facebook users should be wary of clicking on unsolicited links even if they are from a friend. In this case, the link arrives without any accompanying message or description, which should pique users’ suspicion.

He also said users couldn’t rely on companies such as Google and Facebook’s security controls completely and that they should use an antivirus as an extra line of defence.

To safeguard sensitive information against this type of hack and others, security experts advise the use of strong passwords and to never use the same

SOURCE: The Telegraph