Did you receive a direct message from a friend on Twitter, telling you that you had been video taped, or that a tape had been seen featuring you being secretly taped? These messages also contain a link to a Fcebook URL. Such messages are nothing but phishing attempts at getting your Facebook user name and password. Don't fall for it!
You may see what appears to be a valid Facebook URL such as http://facebook.com/384545068279473?svid. Though these links do take you to a page on Facebook, what happens is that you’re taken (briefly) to a Facebook app, which then forwards you to a fake Facebook page prompting you to log in. This is not a real Facebook page, as you can see from the address bar of the web browser. If you enter your login information, you will be handing over hackers your information, and will likely compromise your account.
Below is a photo of the fake Facebook login page. Notice that the actual website is mamdo.twitevents.org/mbf/bbp.php – not Facebook.com.
If you enter your information and hit the Log In button, you have just handed this information over to hackers. The original Twitter messages may look innocent because they come from a friend’s account on Twitter, which is why many people click on the link included. This friend’s account however was compromised, and the messages weren’t sent with their permission.
See this article about a very similar phishing scam on Twitter.
Some of the variations of the direct messages we’ve seen are in the list below. There may be many others. If you’ve seen other variants, let us know in the comments at the bottom of this article.
- rofl they was taping you
- u didn’t seee them tapping u
- how did you not see them taping u
- lol they taped your
- whatt are you doing in this fb vid ?
- i got mine yesterday
- you even see them taping u him
- what on earth you’re doing on this movie
- O M G your in this
- what on earth could you be doing in our vid
- what are you doing in this viddeoo
- who posted this video of me in the bathroom
- wtf this dumbass is posting sexual stories that concern you
- ur famouse now
- HAHA omg you have to see this [LINK] im dying from laughing so hard…
- wat r u doing with him in this video
- OMG i found this pic of u LMAO,
- I bet you don’t remember this eh?
- lol your in this video
What if I already logged into the fake site?
- Log into Facebook (the REAL Facebook this time) and change your password. This is the first thing you should do. If you can’t log in, try to have your password reset via email.
- Check your apps and make sure you didn’t give a malicious app to post on your behalf. This can be found under your account settings, then under apps. If you see any apps you don’t use or recognize, get rid of it.
- Delete any spam posts that may have been sent out from your account. This will at least get rid of those malicious links on your profile.
The direct messaging system on Twitter is rife with scams, hackers, phishing attempts, and spam. Hopefully someday Twitter installs some sort of spam filtering or safeguards to stop these types of messages from going out. Until then, be very careful about any links sent to you on Twitter, even if it comes from a friend’s account.