Facebook personal message claims that the sender has seen you in an online video and suggests that you go to a website and skip to a specified place in the video to see yourself.
The message is a phishing scam. There is no video. The web address supplied takes you to a fake Facebook Page that tries to steal your Facebook account login details.
This message, which arrives from a friend via Facebook’s personal messaging system, asks what you are doing in a video the friend has watched. The message instructs you to enter a web address into your browser, search for your name, and then skip to a specified place in the video to see yourself.
The tone of the message suggests that there may be something compromising or embarrassing about the supposed footage.
However, the message is a phishing scam. The message really did come from the friend’s Facebook account, but only because the account has been hijacked.
If you go to the specified web address, a fake Facebook webpage will appear in your browser. The webpage will claim that you must log in with your Facebook email address and password to continue.
After you enter your Facebook login details, you may then be redirected to a Facebook app page that requests permission for an app to access your Facebook account.
Meanwhile, the scammers will collect your Facebook login details. Armed with this information they can then hijack your account, lock you out, and use the account to perpetrate further scams while posing as you.
And, the rogue app you installed will send out the same scam messages to all of your friends.
Because the scam messages were sent via your account, at least a few of your Facebook friends may fall for the ruse and compromise their own accounts. Via this mechanism, the scam message continues to spread across the network giving the scammers more compromised accounts to use for their criminal activities.
Scammers used the same ruse back in 2014.
If you receive one of these messages, don’t fall for it. The scammers hope that natural curiosity – or a degree of panic – will cause at least some recipients to follow the instructions and compromise their accounts. Unfortunately, such simple social engineering tricks continue to gain new victims.