I feel horrible for not doing this sooner, but I keep getting messages from trusted friends on Facebook saying ‘Look what i found’ which, if clicked on, takes you to a site which hacks your data and sends out the same message to all your friends.

First off – if I ever ‘send’ you something that has a misspelling in it or is improperly capitalized, and I don’t correct myself right away… it’s probably not me….
Second off – if I send you something that has a security certificate warning when you click into the browser and I don’t immediately explain myself (this is a rare occurrence, and more than likely we would be already working together in regards to me fixing your computer) it’s more than likely a scam, and I welcome you to question me on it!!!
Thirdly – (Please don’t take offense but) NEVER click past your browser security unless you know what you’re doing; this will prevent much unneeded headache for you and your friends.
Stay safe out there – Much love – SarahTonin
Yeah, this happened to a friend.
The link was a phishing site hosted on easy.co. They disclosed their Facebook password there (possibly via providing a fingerprint on their phone) and their account was accessed a day later and all their contacts were sent the new messages.
Remediation involves changing your Facebook password, enabling 2FA, revoking access to any signed in devices, and hopefully making sure you’re not re-using your password anywhere else.
What I want to know is how has FB not done anything about this yet.