Scammers are using compromised Facebook accounts to circulate a phishing attack to the hacked accounts’ friends. Links sent via Facebook Messenger appears to be a video (link) with a blurred or redacted image asking “is this you?” The link goes to what appears to be a Facebook login page.
If a user enters their Facebook credentials on this phishing page, their own account will be hacked and their friends will then receive similar messages. Interestingly, the criminals in this case attempt to trick their victims twice by redirecting them to third-party scams after stealing their credentials.
The entire story can be found here.
Also reported to email@example.com in the past couple of weeks:
- [Ext] ՍPDАTЕ- Ехрirаtiоn Nоtifiаtiоn 12/15/2020 – says it is from the UTHSC mail system, but the email address is from the UK.
- [Ext] is your compensation gift – notification that the recipient was awarded the 2021 United Nations Compensation Program, but it came from a Gmail account. I don’t think the United Nations would use a personal account for official correspondence.