Facebook “IS THIS YOU?” Video Scam Steals Your Login Info

by on May 25, 2021

Techlicious editors independently review products. To help support our mission, we may earn affiliate commissions from links contained on this page.

A Facebook scam that has been circulating for years seems to be making a comeback. And if you fall for it, you’ll have your Facebook login info stolen by the scammers, who can then hack your account and use it for a variety of nefarious purposes.

The scam works by tricking Facebook users into clicking a link to a video. The video will often have some variation of “Is this you?” or “Did you make this video?” in the description to pique your interest, and will likely come from one of your friends (who already fell for this scam and had their credentials stolen).

If you click on the link, you’ll be taken to a fake Facebook login page with a message about confirming your information before you can access the video. It is pretty obvious the page is fake if you notice the URL at the top. But if you're not paying attention and you enter your info here, you’ve just given the scammers what they need to take over your account.
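The URL check described above can be done mechanically by comparing the link's real hostname against the genuine domain. This is an added example, not code from the article or from Facebook; the trusted-domain list and the sample URLs are constructed assumptions.

```javascript
// Added example: decide whether a "log in to see the video" link really points at Facebook.
// TRUSTED_DOMAINS is an assumption for this sketch, not an official list.
const TRUSTED_DOMAINS = ["facebook.com"];

function checkLoginUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parser: lower-cases the host, punycodes IDNs
  } catch {
    return { trusted: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not HTTPS" };
  }
  // In https://facebook.com@other.example/ the part before '@' is a username, not the site.
  if (url.username || url.password) {
    return { trusted: false, reason: "text before '@' is not the site name" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Lookalike letters (e.g. Cyrillic 'a') show up as xn-- labels after parsing.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, reason: "internationalized lookalike host: " + host };
  }
  // Match the registered domain exactly or as a parent; a bare substring test
  // would wrongly accept facebook.com.something.example.
  const ok = TRUSTED_DOMAINS.some((d) => host === d || host.endsWith("." + d));
  return ok
    ? { trusted: true, reason: "host is " + host }
    : { trusted: false, reason: "host is " + host + ", not a Facebook domain" };
}

// Constructed sample links (not taken from the scam itself).
const SAMPLES = [
  "https://www.facebook.com/login.php",
  "https://facebook.com.video-check.example/login",
  "https://facebook.com@video-check.example/login",
  "http://www.facebook.com/login.php",
  "https://f\u0430cebook.com/login", // second letter is Cyrillic U+0430
];

function classifyAll(urls) {
  return urls.map((u) => ({ url: u, ...checkLoginUrl(u) }));
}

for (const r of classifyAll(SAMPLES)) {
  console.log((r.trusted ? "OK    " : "REJECT") + " " + r.url + " (" + r.reason + ")");
}
```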

[Image: Facebook scam phishing login]

As a final insult, you won’t be taken to the video (which never existed in the first place), but dumped into a spammy affiliate ad network for NSFW games, sketchy app downloads and survey scams. I’ve seen a few valid apps, too, such as Norton Secure VPN on Google Play, but these companies have no part in the scam. (After I notified Symantec, Norton’s parent company, about the app’s inclusion, a spokesperson told me, “Upon learning of this issue, we worked with our mobile advertising partner to quickly identify and blacklist the bad actor responsible for this threat. We are also working to identify consumers who may have been impacted to help them with any residual effects.”)

[Image: Facebook scam spam apps]

The best course of action if you get one of these video links from a friend is to not click it and notify your friend by phone or email, if possible, that their account may have been compromised. It’s also possible the video was sent from a friend’s cloned Facebook account that a scammer used to friend you in the past.

If you made the mistake of entering your credentials on that fake login page, you should immediately change your Facebook password before the scammers have a chance to get in. This would also be an excellent time to consider setting up two-factor authentication for Facebook so you won’t lose access to your account if you fall for another phishing scam in the future.

And if the scammers have already taken control of your Facebook account, you’ll need to go through Facebook’s account recovery process to regain access.

Author's note 5/25/2021: A number of comments have come in from readers indicating that their accounts were compromised even though they did not attempt to log in. I've researched this issue quite a bit and, despite nearly two years having passed since I first wrote this story, I still haven't seen any credible evidence that malware or other hacks are being exploited to steal user credentials through this scam. Everything I've read from security research sources indicates that this is a pure phishing scam. And given how much press this has received, I'm sure it is also something that Facebook has researched and would have patched if it were a security hole on their end.

So how come all the reports of exploits where people didn't log in? Here's what I think may be happening:

1) People did log in, but it's such a natural action for them that they don't even remember that they did.

2) Your account was already compromised, either through a previous phishing attempt or because you have weak password security that allowed an attacker to access your account through a data breach from another source. 

3) These requests are coming from cloned accounts.

4) You didn't log in, but did click on a malware download (e.g., fake Flash update to view video) that compromised your system.

For more insight on what is happening, go to your Facebook Settings > Security and Login to see where and when you have been logged into your Facebook account.

If I uncover any new information about malware associated with this scam, I will update the article.




i was hacked

From bobbi streeter on January 12, 2021 :: 7:24 pm

I was hacked by -are you in video -
I changed password. But hacker already sent video to my friends list. My friends asked me to remove video.
After already changed my password. I have been going back and deleting video in my friends messenger accounts.
I am clicking on video to get removed from my friends accounts. AM I HACKED AGAIN?


Victim of scam

From James on January 15, 2021 :: 2:50 am

I received a video link from one of my FB friend today, and the video is “it’s you??”. So I clicked on it and it brings me to a FB log-in section where I need to log-in in order to view the video and I did, but then I realise that something isn’t right, the URL is so different from the actual Facebook URL. So I suspect I’m scammed. So I immediately reset my FB password. My two factor authentication has been activated before I fall for this scam. And I even reset my gmail password. So my question is, is it safe for now?


Yes, you should be safe

From Josh Kirschner on January 15, 2021 :: 6:43 pm

If you immediately reset your password, you should be fine. And turning on two-factor authentication was a wise idea, too. No need to reset any other passwords unless you share passwords between Facebook and other places, which you really, really shouldn’t be doing.


I got directed to the

From C on January 17, 2021 :: 4:48 am

I got directed to the page and put in my credentials but I immediately noticed something was off and immediately erased it. I never logged in, am I safe? I am extremely worried.


Safest to reset your password

From Josh Kirschner on January 18, 2021 :: 5:17 pm

You’re probably okay if you didn’t submit the information, but to be on the safe side you should change your password and I recommend setting up two-factor authentication, as well.


happened to me but

From Anne on January 27, 2021 :: 12:12 am

I did not enter any information. I clicked, a page opened in a new tab. I did not enter anything. I have noscript running at all times as well as ghostery and adblocker. I immediately closed the window. This evening a friend reported getting a link from me. So far I have logged out of all sessions, changed password. Authentication/notification was already in place. I don’t think this was a hack so much as a clone job of some kind.


I opened it and

From Kim on February 19, 2021 :: 3:55 am

I opened it and stupidly put in Facebook log in details and did not realise until friend sent txt next day saying do not open. Changed password next day, but how do I know if I have been hacked etc etc


Probably ok

From Josh Kirschner on February 19, 2021 :: 10:38 am

If you got in and changed your password, you’re probably ok. But I would turn on two-factor authentication to help keep yourself safer in the future.


Facebook pay hacked

From Dale on March 10, 2021 :: 10:10 pm

So we opened the vid link and put in password. We were contacted by an out of state person looking to confirm our credit card info.  We checked our checking and a few hundred was sent to another person on our contact.  We checked our Facebook pay and we received $800 from another contact.  We can only assume that they would have access from our account to claim the money sent to us.  Yikes.  We changed password now.


clueless

From Jose on May 23, 2021 :: 4:54 am

Josh please I need some clarification on this: there are people in this thread saying this and also my real life friends, who have come in contact with this scam, apparently it DOES send out the message EVEN WITHOUT filling out the info.

I received the message, I’m 100% sure it is not from a cloned account and the friend who manages the account swears they did not fill out the info (they backed out of the page as soon as it started loading).

Can you please explain this? It just riddles me soooo hard as it goes in opposition to what you are saying here… I need to know what’s going on.


I stand by my comments until I see better evidence

From Josh Kirschner on May 25, 2021 :: 10:42 am

This issue has been around for a long time and I’ve researched it quite a bit. To date, I haven’t seen any credible evidence that malware is being exploited to steal user credentials or access Facebook accounts/messaging. Everything I’ve read from security research sources indicates that this is a pure phishing scam. And given how much press this has received, I’m sure it is also something that Facebook has researched and would have patched if it were a security hole on their end.

So how come all the reports of exploits where people didn’t log in? Here’s what I think may be happening:
1) People did log in, but it’s such a natural action for them that they don’t even remember that they did.
2) Your friend’s account was already compromised, either through a previous phishing attempt or because they have weak password security that allowed an attacker to access their account through a data breach from another source.
3) These requests are coming from cloned accounts (though, perhaps, not in your case).
4) They didn’t log in, but did click on a malware download (e.g., fake Flash update to view video) that compromised their systems.

Without being able to do a deep analysis on your account and your friend’s account, it’s hard to provide a more specific answer. But some things you can look for are to go to your Facebook Settings and under Security and Login see where and when you have been logged into your Facebook account. Setting up two-factor authentication (which everyone should do) will also prevent your account from being compromised, even if you do accidentally log in to a malicious site.

Is it possible that I am wrong and that there is a Facebook login security hole being exploited by malware? Of course. And if something is found I will update this story.

BTW, thanks for this question. I’m going to update the story with some of this info since it comes up occasionally in the comments.


account scammed

From Stuart Steven Rees on June 04, 2021 :: 3:35 pm

But if they're holding my money for me, how will I get it if my profile ends up being permanently deleted?



© Techlicious LLC.