The latest scam going around the Internet is spreading like a forest fire. This new Facebook scam utilizes Google’s Chrome App, stealing targeted Facebook login details.
The massive social media giant, Facebook, is possibly the most used social media platform to date. Reaching several billion people from all over the globe, the media giant has an estimate of 1.6 billion users at any given month.
This scam starts off with a simple little notification from Facebook, stating a friend of yours has “tagged” you in a Facebook post. Within the selected post, there will be a video that uses a picture of the targeted victim’s profile picture. Your profile picture will now be set as the thumbnail, reasoning that you are more likely to click on this video, if you see your picture in it.
Tagged in a special type of link that is linked to a malicious website similar to a Facebook-like page, once clicked, you are taken to the created Facebook-Look-A-Like site. Typically speaking, the easiest way to detect the fraudulent Facebook website is by looking at the URL of your website – Facebook only has 2 authorized URL’s: https://www.facebook.com and https://www.beta.facebook.com
However, the URL of the Facebook mockup is u1dmofz3.todayonlynews.com. There are also a variety of other URL’s that look similar, but they all have one thing in common: neither one of them even mentions “Facebook” in the URL. Unfortunately, once you find yourself logging into this domain, you are then redirected to another domain similar to bebetter890.com. This is where the scamming truly takes place.
Now that your login credentials have led to, what we call the ‘scam page’, you are now looking at a false, however authentic-looking version of Facebook. Here is where you are asked to view the targeted video. However, in order to actually view the video, you need to install an extension within Chrome, known as Ozuji. (Thankfully, Google Chrome has taken down this browser extension add-on). Because the mockup Facebook like page looks real, if Facebook asks us to install a special extension for our browser to view a video, it is easy to fall under the impression that it is safe. This isn’t the case. This special extension – while it was available – has the ability to not only read your browsers history, but also change the data on the websites that you visit – including changing your Facebook login information, and also accessing your financial login information, as well.
When the extension was available on the Chrome Extension Store, the only description was “Ozuji blue ipugo nuva ufiso ayivez.” When plugged into Google Translate, this is Cebuano language, derived from the Austronesian region, commonly spoken in the Philippines. This suggests these scammers have originated from this region. When the extension is added, ‘Facebook’ notifies the target that at least 10 friends had been tagged almost instantly. This means the extension worked quickly, gaining full control over the targeted Facebook profile.
As mentioned above, it is important to note that Google has successfully removed this extension from their store, but it still remains unclear if there other types of extensions performing this same breach. If you have received a special notification that represents something similar to this type of attack, you need to be aware that your system may have been breached.
If you discover that you or a friend have fallen victim to this attack, the first thing you should do is delete the extension from your Chrome browser. Once you have that done, change your Facebook password, as well as the passwords of all the websites you visit. Another security measure you can look into, is getting a good Antivirus software, as well as web secure software. Panda Security is one recommendation. This software can notify you of the type of virus, malware, Trojan you have, where it is, and offers to disable/destroy it.