Facebook survey scams mostly follow the same pattern: they lure users in with offers of watching a funny/amazing/adult-themed video, directly ask them to “share” and “like” it, then complete a survey in order to be able to watch it. But every once in a while, a slightly different approach is used.
Symantech researchers have recently spotted a survey scam inviting users to see a leaked video of Selena Gomez and Justin Beiber, but instead of sharing it with their friends, the victims are told they need to download and install a “Youtube Premium” extension in order to be able to see it:
Clicking on the image of the video takes the victims to an iframe-loaded site from which the plug-in is downloaded (currently only Mozilla Firefox and Google Chrome).
Unfortunately, the extension isn’t what it claims to be. It actually contains a number of scripts whose mission is to download other scripts, and one of those posts the image of the video and a random message inviting friends to click on it to the victims’ Facebook profile page, while effectively hiding the fact from the users.
From then on, the scam unfolds in its usual way, asking users to complete a “30-second test” to “prove they are human“.
Useful Facebook Security Tips:
- Review your security settings and consider enabling login notifications. They’re in the drop-down box under Account on the upper, right-hand corner of your Facebook home page.
- Don’t click on strange links, even if they’re from friends, and notify the person if you see something suspicious.
- Don’t click on friend requests from unknown parties.
- If you come across a scam, report it so that it can be taken down.
- Don’t download any applications you aren’t certain about.
- For using Facebook from places like hotels and airports, text “otp” to 32665 for a one-time password to your account.
- Visit Facebook’s security page, and read the items “Take Action” and “Threats.”