Last week I watched a mass Facebook-phishing attempt unfold around me. It started with a Facebook friend sending me a video on FB Messenger which apparently had me in it. Being a typically vain and curious person, but suspicious, I clicked on the play button.

The ‘video’ link didn’t do what I expected. Instead of playing a video as I expected, it took me to a web page with a Facebook login form on it. It was clear that to see the video, I was going to have to enter my username and password.

At this point, my suspicion reached fever-pitch and I stopped. I did not enter my username and password.

Why did I stop? Well, there were several reasons.

  1. The video was sent to me by a trusted friend. However, it had come through Messenger, which is a Facebook extension. To even see the message I HAD to be logged in to Facebook Messenger. It made no sense for it to ask me to log in again.
  2. The preview of the video showed an indistinct image, possibly a person. However, it looked very odd. The text under it said, “I think you appear in this video. Watch it :O”. Under that was a number of views, and under that a link to a website I’d never heard of (fupi.co.tz).
  3. Incidentally, .co.tz is a Top-Level Domain for Tanzania.
  4. Clicking on the link took me to a site which looked like Facebook, but clearly wasn’t. The URL in the address bar was https://mystifying-shaw-e6c617.netlify.app (if you get an example of this, the link *may* be different).
  5. netlify.app? Who are they? Certainly not Facebook. Facebook links always end in facebook.com.

So although I was being shown what looked broadly like a Facebook login page, it was clearly a spoof. I steered clear!

Several of my Facebook friends were not so lucky. 

I suspect that millions of people around the world have fallen victim to this hack in the last couple of weeks.

What did the spoof do?

For those people unlucky/unwary enough to have entered their Facebook login details into the page, their login details (username, password and email) were immediately stored on a hacker’s database somewhere. Their Facebook account was then compromised – the hackers logged in, and sent the same spoof video link to all of the unlucky person’s contacts. 

This happened to me! What shall I do?

  1. IMMEDIATELY log in to Facebook and change your password. Make it something secure, and use your browser or your Password Manager to store it. You can use this tool to create a new secure password: https://passwordsgenerator.net
  2. If you can’t log in, you’ll have to use the Forgotten Password feature to reset it.
  3. Once you’ve logged in and have control of your Facebook account again, put a message on your timeline telling your friends that you were hacked and NOT to open any videos that they received from you. 
  4. In case it’s too late, it might help to give them a link back to this article, so they know what to do next.
  5. It’s likely that you’ve re-used the same username and password combination time and time again. It’s human nature. Hackers will exploit it!
  6. Your login details are now stored on a hacker’s database somewhere, and at some point, that information will be sold on the Dark Web. Other hackers may try to use it to gain access to your other web accounts.
  7. For example, you may also use the same details on a shopping website: perhaps Amazon or eBay.
  8. Imagine what would happen if a hacker used your details to log in to those accounts!

You need to find out where you’ve re-used the same username/password combination.

How do I find out where I’ve used the combination before?

Most modern browsers now offer to remember passwords for you. This in itself is slightly dangerous (what if your machine gets hacked into?), and a Password Manager will be better. However, you should be able to find a list of all of the usernames and passwords that your browser has stored for you.

To do this in the Google Chrome browser:

  • Go to Preferences > Privacy and Security.
  • Scroll down the page to ‘Auto Fill’ and under that, click ‘Passwords’.
  • Now, take your compromised username and enter it into the search box at the top right. Press enter, and you should get a list of all of the sites where you’ve used that username.
  • Click the ‘eye’ icon next to each to see the password you’ve used.
  • Make a note of the sites on which you’ve used it, and go to each, log in, and change your password.

Other browsers will have similar methods, though we can’t list them all here.

This is the best way to minimise the risk of your other accounts getting hacked.

How can I prevent this from happening again?

  • Never EVER enter your Facebook details into a site which isn’t Facebook.
  • Remember, if the end of the address isn’t exactly facebook.com, then IT ISN’T FACEBOOK.
  • Never trust links sent to you through Facebook, Messenger, WhatsApp, Email and others. Check where they send you (see above).
  • Never give your login details away on email, the phone or on a website that you can’t be 100% sure of.
  • Stop and think for a moment before entering login details – think about the above. If in doubt, don’t do it!
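
The “end of the address” rule above can be checked mechanically, as long as the check is made on the host name and not on the whole link text. The following is an added example, not part of the original article: the function names are illustrative, two of the sample links come from the article, and the rest are constructed lookalikes on reserved or made-up names.

```javascript
"use strict";

// The only domain that should ever receive Facebook login details.
const TRUSTED_DOMAIN = "facebook.com";

// Decide whether a link points at TRUSTED_DOMAIN or one of its subdomains.
// Returns { host, trusted, reason }. The function name is illustrative.
function checkLoginLink(link, trustedDomain = TRUSTED_DOMAIN) {
  let url;
  try {
    url = new URL(link);
  } catch (err) {
    return { host: null, trusted: false, reason: "not a valid URL" };
  }
  // The parser lower-cases the host and separates any "user@" part, so the
  // value compared is the host the browser would actually connect to.
  const host = url.hostname.replace(/\.$/, "");
  if (url.protocol !== "https:") {
    return { host, trusted: false, reason: "not an https link" };
  }
  // Exact match or a real subdomain. The leading "." is what stops a name
  // such as "not-facebook.com" from passing a plain "ends with" test.
  if (host === trustedDomain || host.endsWith("." + trustedDomain)) {
    return { host, trusted: true, reason: "host is under " + trustedDomain };
  }
  return { host, trusted: false, reason: "host is not under " + trustedDomain };
}

const SAMPLE_LINKS = [
  "https://www.facebook.com/login",             // genuine form of the address
  "https://mystifying-shaw-e6c617.netlify.app", // address bar URL from the article
  "https://fupi.co.tz/",                        // host from the article, scheme added
  "https://facebook.com.video.example/login",   // constructed: real name used as a prefix
  "https://facebook.com@video.example/login",   // constructed: real name before the "@"
  "https://not-facebook.com/login",             // constructed: lookalike suffix
  "http://www.facebook.com/login",              // constructed: right host, no https
];

// Run the check over a list of links and keep the link with each verdict.
function checkAll(links) {
  return links.map((link) => ({ link, ...checkLoginLink(link) }));
}

for (const r of checkAll(SAMPLE_LINKS)) {
  console.log((r.trusted ? "OK    " : "STOP  ") + r.link + "  [" + r.reason + "]");
}
```

Only the first sample is reported as OK; every other link, including the ones that contain the text “facebook.com” somewhere, is flagged.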