
Facebook “IS THIS YOU?” Video Scam Steals Your Login Info

by on May 25, 2021
in News, Computers and Software, Computer Safety & Support, Blog, Facebook, Privacy :: 82 comments

Techlicious editors independently review products. To help support our mission, we may earn affiliate commissions from links contained on this page.

A Facebook scam that has been circulating for years seems to be making a comeback. And if you fall for it, you’ll have your Facebook login info stolen by the scammers, who can then hack your account and use it for a variety of nefarious purposes.

The scam works by tricking Facebook users into clicking a link to a video. The video will often have some variation of “Is this you?” or “Did you make this video?” in the description to pique your interest, and will likely come from one of your friends (who already fell for this scam and had their credentials stolen).

If you click on the link, you’ll be taken to a fake Facebook login page with a message about confirming your information before you can access the video. It is pretty obvious the page is fake if you notice the URL at the top. But if you're not paying attention and you enter your info here, you’ve just given the scammers what they need to take over your account.
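The URL check described above, written out as an added example that is not part of the original article. It assumes a two-domain allowlist, and the sample addresses are constructed for illustration using the reserved `.example` domain.

```javascript
// Added example, not Techlicious or Facebook code.
// Assumption: this short allowlist stands in for the domains you expect a
// real Facebook login to be served from.
const GENUINE_DOMAINS = ["facebook.com", "messenger.com"];

// Decide whether the address shown above a "Facebook login" form really
// belongs to Facebook. Returns { genuine: boolean, reason: string }.
function checkLoginUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return { genuine: false, reason: "not a valid absolute URL" };
  }
  // Lower-case the host and drop a trailing root dot before comparing.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");

  if (url.protocol !== "https:") {
    return { genuine: false, reason: "not served over HTTPS" };
  }
  // Anything before "@" is a username; the site is what follows it.
  if (url.username !== "" || url.password !== "") {
    return { genuine: false, reason: `text before "@" hides the real host ${host}` };
  }
  // Match the whole domain or a true subdomain, never a bare substring.
  if (GENUINE_DOMAINS.some((d) => host === d || host.endsWith("." + d))) {
    return { genuine: true, reason: `${host} is on the allowlist` };
  }
  // Browsers convert look-alike Unicode letters to "xn--" punycode labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { genuine: false, reason: `punycode host ${host}` };
  }
  const brand = GENUINE_DOMAINS.map((d) => d.split(".")[0]).find((b) =>
    host.includes(b)
  );
  if (brand) {
    return {
      genuine: false,
      reason: `"${brand}" appears in ${host}, which is not a Facebook domain`,
    };
  }
  return { genuine: false, reason: `${host} is not a Facebook domain` };
}

// Constructed sample addresses (.example is a reserved test domain).
const SAMPLE_URLS = [
  "https://www.facebook.com/login/",
  "https://facebook.com.video-check.example/login",
  "https://www.facebook.com@video-check.example/watch",
  "https://notfacebook.com/login",
  "https://f\u0430cebook.com/login", // Cyrillic "a" in place of Latin "a"
  "http://www.facebook.com/login",
];

function checkSamples() {
  return SAMPLE_URLS.map((u) => ({ url: u, ...checkLoginUrl(u) }));
}

for (const r of checkSamples()) {
  console.log(`${r.genuine ? "OK  " : "FAKE"} ${r.url} -> ${r.reason}`);
}
```

Only the first sample passes; the rest show the usual ways a fake login address borrows the Facebook name without being on a Facebook domain.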

Facebook scam phishing login

As a final insult, you won’t be taken to the video (which never existed in the first place), but dumped into a spammy affiliate ad network for NSFW games, sketchy app downloads and survey scams. I’ve seen a few valid apps, too, such as Norton Secure VPN on Google Play, but these companies have no part in the scam. After I notified Symantec, Norton’s parent company, about the app’s inclusion, a spokesperson told me: “Upon learning of this issue, we worked with our mobile advertising partner to quickly identify and blacklist the bad actor responsible for this threat. We are also working to identify consumers who may have been impacted to help them with any residual effects.”

Facebook scam spam apps

The best course of action if you get one of these video links from a friend is to not click it and notify your friend by phone or email, if possible, that their account may have been compromised. It’s also possible the video was sent from a friend’s cloned Facebook account that a scammer used to friend you in the past.

If you made the mistake of entering your credentials on that fake login page, you should immediately change your Facebook password before the scammers have a chance to get in. This would also be an excellent time to consider setting up two-factor authentication for Facebook so you won’t lose access to your account if you fall for another phishing scam in the future.

And if the scammers have already taken control of your Facebook account, you’ll need to go through Facebook’s account recovery process to regain access.

Author's note 5/25/2021: A number of comments have come in from readers indicating that their accounts were compromised even though they did not attempt to log in. I've researched this issue quite a bit and, despite nearly two years having passed since I first wrote this story, I still haven't seen any credible evidence that malware or other hacks are being exploited to steal user credentials through this scam. Everything I've read from security research sources indicates that this is a pure phishing scam. And given how much press this has received, I'm sure it is also something that Facebook has researched and would have patched if it were a security hole on their end.

So how come all the reports of exploits where people didn't log in? Here's what I think may be happening:

1) People did log in, but it's such a natural action for them that they don't even remember that they did.

2) Your account was already compromised, either through a previous phishing attempt or because you have weak password security that allowed an attacker to access your account through a data breach from another source. 

3) These requests are coming from cloned accounts.

4) You didn't log in, but did click on a malware download (e.g., fake Flash update to view video) that compromised your system.

For more insight on what is happening, go to your Facebook Settings > Security and Login to see where and when you have been logged into your Facebook account.

If I uncover any new information about malware associated with this scam, I will update the article.




HACKED, CHANGED PASSWORD CONTACTS STILL GETTING MORE MESSAGESTING

From Valerie on January 08, 2021 :: 11:41 am

The video sent out to my contacts is actually a video I had posted on FB.
120 FB friends notified me that they got this message via Messenger.  I immediately changed my password.  Now, 3 days later, I have gotten 2 more friends that got another message via Messenger.

Reply

New message or just seeing first message?

From Josh Kirschner on January 08, 2021 :: 12:37 pm

Are you sure they got a new message and aren’t just seeing your original message for the first time? Especially since you’ve already been hacked once, I suggest you turn on Facebook two-factor authentication to protect yourself going forward; we have a link in the article above.

Reply

account scammed

From Stuart Steven Rees on June 04, 2021 :: 10:49 am

I had an inbox message on my gaming page, and one of my moderators opened it. Then I think a video was posted on my profile that was unacceptable. Now my account is disabled. The scammers have also made changes to my pay out setting so I can’t receive the stars I have earned. I did get Facebook to put my pay outs on hold, which they have. But regardless, my account is disabled. I tried to fill out the appeal form but they just don’t work. Any advice? I have sent like over 40 emails in a week to try and sort it but nothing!!

Reply

I wish I had advice for you

From Josh Kirschner on June 04, 2021 :: 12:17 pm

Facebook customer service is notoriously absent. All you can do is reach out through the means available and hope they take action. My experience with them is no better - I report accounts that are clearly fake/scam accounts and they take no action. Meanwhile, they flag some of my posts as spam, which are not even remotely similar to spam, I appeal, and they take no action. It’s just a reminder that with Facebook, we are just the product, not the client.

i was hacked

From bobbi streeter on January 12, 2021 :: 7:24 pm

I was hacked by - are you in video -
I changed password.  But hacker already sent video to my friends list.  My friends asked me to remove video.
After already changed my password.  I have been going back and deleting video in my friends’ Messenger accounts.
I am clicking on video to get removed from my friends’ accounts.  AM I HACKED AGAIN?

Reply

Victim of scam

From James on January 15, 2021 :: 2:50 am

I received a video link from one of my FB friends today, and the video is “it’s you??”. So I clicked on it and it brings me to a FB log-in section where I need to log in in order to view the video and I did, but then I realise that something isn’t right, the URL is so different from the actual Facebook URL. So I suspect I’m scammed. So I immediately reset my FB password. My two factor authentication had been activated before I fell for this scam. And I even reset my Gmail password. So my question is, is it safe for now?

Reply

Yes, you should be safe

From Josh Kirschner on January 15, 2021 :: 6:43 pm

If you immediately reset your password, you should be fine. And turning on two-factor authentication was a wise idea, too. No need to reset any other passwords unless you share passwords between Facebook and other places, which you really, really shouldn’t be doing.

Reply

I got directed to the

From C on January 17, 2021 :: 4:48 am

I got directed to the page and put in my credentials but I immediately noticed something was off and immediately erased it. I never logged in, am I safe? I am extremely worried.

Reply

Safest to reset your password

From Josh Kirschner on January 18, 2021 :: 5:17 pm

You’re probably okay if you didn’t submit the information, but to be on the safe side you should change your password and I recommend setting up two-factor authentication, as well.

Reply

happened to me but

From Anne on January 27, 2021 :: 12:12 am

I did not enter any information. I clicked, a page opened in a new tab. I did not enter anything. I have noscript running at all times as well as ghostery and adblocker. I immediately closed the window. This evening a friend reported getting a link from me. So far I have logged out of all sessions, changed password. Authentication/notification was already in place. I don’t think this was a hack so much as a clone job of some kind.

Reply

I opened it and

From Kim on February 19, 2021 :: 3:55 am

I opened it and stupidly put in Facebook log in details and did not realise until friend sent txt next day saying do not open. Changed password next day, but how do I know if I have been hacked, etc. etc.?

Reply

Probably ok

From Josh Kirschner on February 19, 2021 :: 10:38 am

If you got in and changed your password, you’re probably ok. But I would turn on two-factor authentication to help keep yourself safer in the future.

Reply

Facebook pay hacked

From Dale on March 10, 2021 :: 10:10 pm

So we opened the vid link and put in password. We were contacted by an out of state person looking to confirm our credit card info.  We checked our checking and a few hundred was sent to another person on our contact.  We checked our Facebook pay and we received $800 from another contact.  We can only assume that they would have access from our account to claim the money sent to us.  Yikes.  We changed password now.

Reply

clueless

From Jose on May 23, 2021 :: 4:54 am

Josh please I need some clarification on this: there are people in this thread saying this and also my real life friends, who have come in contact with this scam, apparently it DOES send out the message EVEN WITHOUT filling out the info.

I received the message, I’m 100% sure it is not from a cloned account and the friend who manages the account swears they did not fill out the info (they backed out of the page as soon as it started loading).

Can you please explain this? It just riddles me soooo hard as it goes in opposition to what you are saying here… I need to know what’s going on.

Reply

I stand by my comments until I see better evidence

From Josh Kirschner on May 25, 2021 :: 10:42 am

This issue has been around for a long time and I’ve researched it quite a bit. To date, I haven’t seen any credible evidence that malware is being exploited to steal user credentials or access Facebook accounts/messaging. Everything I’ve read from security research sources indicates that this is a pure phishing scam. And given how much press this has received, I’m sure it is also something that Facebook has researched and would have patched if it were a security hole on their end.

So how come all the reports of exploits where people didn’t log in? Here’s what I think may be happening:
1) People did log in, but it’s such a natural action for them that they don’t even remember that they did.
2) Your friend’s account was already compromised, either through a previous phishing attempt or because they have weak password security that allowed an attacker to access their account through a data breach from another source.
3) These requests are coming from cloned accounts (though, perhaps, not in your case).
4) They didn’t log in, but did click on a malware download (e.g., fake Flash update to view video) that compromised their systems.

Without being able to do a deep analysis on your account and your friend’s account, it’s hard to provide a more specific answer. But some things you can look for are to go to your Facebook Settings and under Security and Login see where and when you have been logged into your Facebook account. Setting up two-factor authentication (which everyone should do) will also prevent your account from being compromised, even if you do accidentally log in to a malicious site.

Is it possible that I am wrong and that there is a Facebook login security hole being exploited by malware? Of course. And if something is found I will update this story.

BTW, thanks for this question. I’m going to update the story with some of this info since it comes up occasionally in the comments.

Reply

account scammed

From Stuart Steven Rees on June 04, 2021 :: 3:35 pm

But if they’re holding my money for me, how will I get it if my profile ends up being permanently deleted?

Reply

DO NOT HAVE TO

From LAKESHA on July 17, 2021 :: 2:31 pm

XOOX
NO SUCH
XTHINGX
X00X
X

Reply

It Autofills The Credentials Space

From Alex Sánchez on July 21, 2021 :: 10:00 pm

Hello Josh
I just got this and I logged in my credentials. I realized immediately after it was a scam and changed my password within 3 minutes.

I don’t know if this helps, but I logged in because when I clicked the “user” space all my emails for Facebook showed, like it was a real page (I have different emails for school and work and family and they all showed). I just clicked the one I was going to use.

Maybe that’s got something to do with people saying they didn’t log their credentials but still got the problem?

Reply

One more thing please

From Alex Sánchez on July 21, 2021 :: 10:06 pm

Is there a chance they automatically or manually downloaded or cloned my Facebook information in those 3 minutes?

I like to think they check their program every few hours to see how many credentials they got, and in the meantime I changed my password and I’m safe. But who knows…

I haven’t seen anything sent from my inbox or home page in the last hour since it happened.

Reply

Possibly is autofill from browser

From Josh Kirschner on July 22, 2021 :: 1:25 pm

I suspect that the form was set up with a generic email field and your browser autofilled this from its settings, rather than pulling anything from Facebook (see: chrome://settings/addresses?search=auto). There are a couple other ways I could potentially see a similar type of phishing process working. I am still skeptical that Facebook credentials could be compromised without user input.

Reply

Scammed by ads manager 2.0

From Jasnon on July 27, 2021 :: 9:35 pm

Hello sir, I saw an ad on FB that claimed apps updated due to iOS 14+, so I thought this app is legit. As usual, I logged in via my FB information and then I realised my FB has been hacked.

So my question is, can this app steal my videos, photos and files? And I also checked in permission section, this app states ‘no permission requested’ in my phone.

Reply

Revoke the app’s permission

From Josh Kirschner on July 29, 2021 :: 9:24 am

If you change your password, the app won’t be able to access your Facebook account. Also, you should revoke the app’s permissions in your Facebook settings. Read our Guide to Facebook Privacy Settings and look under the section “Using Facebook to log into apps and websites” for steps on how to do that.

Reply

Scammed by ads manager 2.0

From Jasnon on July 29, 2021 :: 12:36 pm

I’m lucky my Facebook is already secure with help from FB representatives… Just want to double confirm whether my files are secure from that app or not, especially private stuff on SD card.

Reply

Your files are secure - for now...

From Josh Kirschner on July 29, 2021 :: 1:19 pm

Based on the app permissions, your files should be fine. And most apps that are malicious downloads aren’t focused on stealing pictures and videos. However, future updates may change the requested permissions and that could be an issue. Or, the app could go rogue in other ways, such as being a source for adware. So delete if you haven’t already.

I took a look at the app on Google Play and it throws up a lot of warning signs. All the reviews are five stars and were entered over just the last two days - July 28th and July 29th - and were entered in the same block of time each day. The reviewer names appear to be made up. The review text often makes no sense in the context of what the app does. There are numerous spelling/grammatical errors on the app page and their website. The developer has no other apps. The app logo is made to look like an official Facebook AI logo. What a mess…

Thank you sir!

From Jasnon on July 29, 2021 :: 7:24 pm

Thank you sir for the answers, now I can sleep well without any worries after uninstalling that app. Thanks again sir!

Reply

this happened plus they are harassing my friends as well as stole money from me somehow

From diana bogotay on September 15, 2021 :: 6:04 pm

I do not have my Facebook account linked to my bank information. Yet somehow they were able to Google Pay one of my friends and harassed her telling her to click the money. She tried to do the right thing, which was the wrong thing, in sending me the money back. I couldn’t even accept it because I don’t have my bank account information in there nor do I want to have my bank account information in there. Somehow they were able to accept the money with a Visa ending in 5451. Somehow they were also able to break into an account that is not associated with my Facebook and it said the log in was from Chicago. I kicked them out then they somehow got back in even with me changing my password so I kicked them out again. When I changed my password on FB, and things continued, I dove more into my security to find that the device they logged in with was never signed out of when I changed my password. So I kicked the device out and changed my password again. Right now I am on the phone with my bank. They took 233$ from me and I wish nothing but misery for the f**ckers behind this.

Reply

Deleted my account permanently

From Sim on September 16, 2021 :: 10:31 am

Similar link came through from a trusted friend via Messenger, tried to reach her to ask her about the link, she didn’t respond. I clicked the link anyways and wasn’t going anywhere. I stopped where it asks for credentials. The next day all my contacts received same link, friends and family were reaching out to me to check my account. I was on the verge of letting go FB due to its unsecured privacy policy, I decided to delete it permanently. Am I safe now that I deleted it?

Reply

I don't think you were ever at risk

From Josh Kirschner on September 16, 2021 :: 12:52 pm

If you really didn’t enter your credentials, I don’t think you were ever at risk. I have seen no confirmed evidence that Facebook accounts can be compromised via this type of download attack.

What I suspect may be happening (and it is just a guess) is that when you visit one of these sites there is an automated process to pull your Facebook profile info, including your Friends (if you don’t have your Friends list set to Friends Only). Then, a clone account is set up using your profile info and it sends the link spam to all of your friends.

If that is what is occurring, it would explain why your trusted friend didn’t respond to you (because the account was actually a clone account). And it would also explain why your contacts received the link even though you didn’t enter your credentials. If you ask one of your friends to search you on Facebook, do they see an account for you that isn’t yours?

Reply

hacked in seconds

From ugh on October 09, 2021 :: 11:34 pm

I accidentally clicked a link my friend sent me, before it loaded and noticed it was bs, closed it, but a Nexus 5 managed to get my Google account fast, but I changed password and enabled 2 factor.
Insane how fast they got my information from a 5 second at most 😳

Reply

Just re-secure your Facebook account and turn on 2FA

From IT Guy on October 13, 2021 :: 12:01 pm

This happened to my sister’s friend, I helped her change her password and enable 2FA. Facebook also has a “re-secure account” feature which walks you through changing your password and then lets you select if any access was made to your account and if it was you or not.
Somebody had accessed her account from the Dominican Republic and at the time the messages were sent. But other than sending out the spam messages to her contacts they didn’t do anything else on the account.
I didn’t ask her if she put in her password/email after clicking on the link, I just assumed she did and probably didn’t think about it.

Honestly, when it comes down to it an ounce of prevention is worth a pound of cure. Enable MFA or 2FA and use secure passwords, that should protect you from most of the scams or ‘hacks’ out there.

Reply

A point to add

From Joy on October 15, 2021 :: 6:36 am

Hello, my mother had this link sent to her, she clicked it but didn’t fill in the details but just clicking the link is what sent it to everyone in her friends list instantly. It was ‘kuza. me’ in the link and I believe just clicking the link sets off the chain which messages everyone in your friends list. This is before they’ve gotten your details.

I’m not saying this is the malware bit but it might make sense as to why it’s sending to friends when you didn’t write in details.

Reply

I would like to verify this

From Josh Kirschner on October 15, 2021 :: 4:45 pm

A number of people have claimed in this thread that the scam was able to forward messages to friends without logging in. Most of these claims are second or third hand accounts, or where people don’t remember clearly whether they logged in or not.

However, I’m very skeptical this is really the case. First, I have yet to see any evidence of this occurring from security researchers. Second, not requiring login would undermine the whole purpose of the scam, which is to phish your Facebook credentials.

If anyone has a link they believe leads to a scam page that is able to forward messages without login by the user, please contact me at josh@techlicious.com so we can coordinate on investigating it directly.

Reply
