Hackers are getting into Facebook users' accounts by luring them to watch a new hot “leaked video of Selena Gomez and Justin Bieber.”
In an alert issued to Facebook users, security software vendor Symantec has warned them not to click on strange links, even if they're from friends, and to notify the person if they see something suspicious.
Writing in the Symantec blog, Hardik Suri even urged users not to click on friend requests from unknown parties.
According to him, the scam fools victims into downloading a fake browser plug-in. “The scenario is very simple: the victim is lured into watching some video; but instead of asking the victim to share/like the video, (which we have seen in many scams) the scammers present the victim with a fake plug-in download image, which is required to see the video,” said Suri.
Once the victim clicks on the image, the user-agent info is retrieved and the fake plug-in is downloaded accordingly. “Currently only Mozilla Firefox and Google Chrome plug-ins are being used. Below is the script that is responsible for retrieving the plug-in,” he added.
A script named extra.js then posts a fake image (which pretends to be a video) on the victim’s profile, thereby further spreading the scam, the post added.
As an additional precaution, Symantec has advised Facebook users to review security settings and enable login notifications, which can be found in the drop-down box under Account on the upper right-hand corner of the Facebook home page.
Users have also been advised not to download any uncertain applications.