Facebook users have been hit by another fast-spreading scam today, pretending to be a link to a YouTube video that they have been tagged in.
The scam messages use potential victims’ first names, claiming that they have been tagged in the “Youtube” video.
Phrases used in the attack include:
YO [name] why are you tagged in this video
WTF!! [name] why are you tagged in this video
hey [name] i cant believe youre tagged in this video
hey [name] you look so stupid in this video
omg! [name] why are you tagged in this vid
OMG [name] why are you in this video
OMG [name] you should untag yourself in this video
Each “video” has a random number of views and likes, but the length of the movie always appears to be 2:34. Eagle-eyed Facebook users might realise something is awry when they see that the links refer to “Youtube” rather than the rather more accurate “YouTube”.
But if you do make the mistake of clicking on the video thumbnail you will be taken to a webpage which tries to trick you into cutting-and-pasting a malicious JavaScript code into your browser’s address bar (this appears to be one of the scammers’ favourite methods of attack at the moment).
You have to concede, it’s a cunning piece of social engineering by the bad guys. Wouldn’t you want to see a video that your Facebook friends say you have been tagged in?
If you’re a regular user of Facebook, make sure you join the Sophos page on Facebook to be kept informed of the latest security threats.
Hat tip: Thanks to Naked Security reader Ken for sending us a tip about this latest Facebook attack.