
Facebook “IS THIS YOU?” Video Scam Steals Your Login Info

by Josh Kirschner on May 25, 2021

A Facebook scam that has been circulating for years seems to be making a comeback. And if you fall for it, you’ll have your Facebook login info stolen by the scammers, who can then hack your account and use it for a variety of nefarious purposes.

The scam works by tricking Facebook users into clicking a link to a video. The video will often have some variation of “Is this you?” or “Did you make this video?” in the description to pique your interest, and will likely come from one of your friends (who already fell for this scam and had their credentials stolen).

If you click on the link, you’ll be taken to a fake Facebook login page with a message about confirming your information before you can access the video. It is pretty obvious the page is fake if you notice the URL at the top. But if you're not paying attention and you enter your info here, you’ve just given the scammers what they need to take over your account.

[Image: Facebook scam phishing login]

As a final insult, you won’t be taken to the video (which never existed in the first place), but dumped into a spammy affiliate ad network for NSFW games, sketchy app downloads and survey scams. I’ve seen a few valid apps, too, such as Norton Secure VPN on Google Play, but these companies have no part in the scam. After I notified Symantec, Norton’s parent company, about the app’s inclusion, a spokesperson told me: “Upon learning of this issue, we worked with our mobile advertising partner to quickly identify and blacklist the bad actor responsible for this threat. We are also working to identify consumers who may have been impacted to help them with any residual effects.”

[Image: Facebook scam spam apps]

The best course of action if you get one of these video links from a friend is to not click it and notify your friend by phone or email, if possible, that their account may have been compromised. It’s also possible the video was sent from a friend’s cloned Facebook account that a scammer used to friend you in the past.

If you made the mistake of entering your credentials on that fake login page, you should immediately change your Facebook password before the scammers have a chance to get in. This would also be an excellent time to consider setting up two-factor authentication for Facebook so you won’t lose access to your account if you fall for another phishing scam in the future.

And if the scammers have already taken control of your Facebook account, you’ll need to go through Facebook’s account recovery process to regain access.

Author's note 5/25/2021: A number of comments have come in from readers indicating that their accounts were compromised even though they did not attempt to log in. I've researched this issue quite a bit and, despite nearly two years having passed since I first wrote this story, I still haven't seen any credible evidence that malware or other hacks are being exploited to steal user credentials through this scam. Everything I've read from security research sources indicates that this is a pure phishing scam. And given how much press this has received, I'm sure it is also something that Facebook has researched and would have patched if it were a security hole on their end.

So how come all the reports of exploits where people didn't log in? Here's what I think may be happening:

1) People did log in, but it's such a natural action for them that they don't even remember that they did.

2) Your account was already compromised, either through a previous phishing attempt or because you have weak password security that allowed an attacker to access your account through a data breach from another source. 

3) These requests are coming from cloned accounts.

4) You didn't log in, but did click on a malware download (e.g., fake Flash update to view video) that compromised your system.

For more insight on what is happening, go to your Facebook Settings > Security and Login to see where and when you have been logged into your Facebook account.

If I uncover any new information about malware associated with this scam, I will update the article.



From bobbi streeter on January 12, 2021 :: 7:24 pm


I was hacked by -are you in video -
I changed password.  But hacker already sent video to my friends list.  My friends asked me to remove video.
After already changed my password, I have been going back and deleting video in my friends messenger accounts.
I am clicking on video to get removed from my friends accounts.  AM I HACKED AGAIN?


From James on January 15, 2021 :: 2:50 am


I received a video link from one of my FB friend today, and the video is “it’s you??”. So I clicked on it and it brings me to a FB log-in section where I need to log-in in order to view the video and I did, but then I realise that something isn’t right, the URL is so different from the actual Facebook URL. So I suspect I’m scammed. So I immediately reset my FB password. My two factor authentication has been activated before I fall for this scam. And I even reset my gmail password. So my question is, is it safe for now?


From Josh Kirschner on January 15, 2021 :: 6:43 pm


If you immediately reset your password, you should be fine. And turning on two-factor authentication was a wise idea, too. No need to reset any other passwords unless you share passwords between Facebook and other places, which you really, really shouldn’t be doing.


From C on January 17, 2021 :: 4:48 am


I got directed to the page and put in my credentials but I immediately noticed something was off and immediately erased it. I never logged in, am I safe? I am extremely worried.


From Josh Kirschner on January 18, 2021 :: 5:17 pm


You’re probably okay if you didn’t submit the information, but to be on the safe side you should change your password and I recommend setting up two-factor authentication, as well.


From Anne on January 27, 2021 :: 12:12 am


I did not enter any information. I clicked, a page opened in a new tab. I did not enter anything. I have noscript running at all times as well as ghostery and adblocker. I immediately closed the window. This evening a friend reported getting a link from me. So far I have logged out of all sessions, changed password. Authentication/notification was already in place. I don’t think this was a hack so much as a clone job of some kind.


From Kim on February 19, 2021 :: 3:55 am


I opened it and stupidly put in Facebook log in details and did not realise until friend sent txt next day saying do not open. Changed password next day, but how do I know if I have been hacked etc etc


From Josh Kirschner on February 19, 2021 :: 10:38 am


If you got in and changed your password, you’re probably ok. But I would turn on two-factor authentication to help keep yourself safer in the future.


From Dale on March 10, 2021 :: 10:10 pm


So we opened the vid link and put in password. We were contacted by an out of state person looking to confirm our credit card info.  We checked our checking and a few hundred was sent to another person on our contact.  We checked our Facebook pay and we received $800 from another contact.  We can only assume that they would have access from our account to claim the money sent to us.  Yikes.  We changed password now.


From Jose on May 23, 2021 :: 4:54 am


Josh please I need some clarification on this: there are people in this thread saying this and also my real life friends, who have come in contact with this scam, apparently it DOES send out the message EVEN WITHOUT filling out the info.

I received the message, I’m 100% sure it is not from a cloned account and the friend who manages the account swears they did not fill out the info (they backed out of the page as soon as it started loading).

Can you please explain this? It just riddles me soooo hard as it goes in opposition to what you are saying here… I need to know what’s going on.


From Josh Kirschner on May 25, 2021 :: 10:42 am


This issue has been around for a long time and I’ve researched it quite a bit. To date, I haven’t seen any credible evidence that malware is being exploited to steal user credentials or access Facebook accounts/messaging. Everything I’ve read from security research sources indicates that this is a pure phishing scam. And given how much press this has received, I’m sure it is also something that Facebook has researched and would have patched if it were a security hole on their end.

So how come all the reports of exploits where people didn’t log in? Here’s what I think may be happening:
1) People did log in, but it’s such a natural action for them that they don’t even remember that they did.
2) Your friend’s account was already compromised, either through a previous phishing attempt or because they have weak password security that allowed an attacker to access their account through a data breach from another source.
3) These requests are coming from cloned accounts (though, perhaps, not in your case).
4) They didn’t log in, but did click on a malware download (e.g., fake Flash update to view video) that compromised their systems.

Without being able to do a deep analysis on your account and your friend’s account, it’s hard to provide a more specific answer. But some things you can look for are to go to your Facebook Settings and under Security and Login see where and when you have been logged into your Facebook account. Setting up two-factor authentication (which everyone should do) will also prevent your account from being compromised, even if you do accidentally log in to a malicious site.

Is it possible that I am wrong and that there is a Facebook login security hole being exploited by malware? Of course. And if something is found I will update this story.

BTW, thanks for this question. I’m going to update the story with some of this info since it comes up occasionally in the comments.


From Stuart Steven Rees on June 04, 2021 :: 3:35 pm


But if they’re holding my money for me, how will I get it if my profile ends up being permanently deleted?


From LAKESHA on July 17, 2021 :: 2:31 pm


XOOX
NO SUCH
XTHINGX
X00X
X


From Alex Sánchez on July 21, 2021 :: 10:00 pm


Hello Josh
I just got this and I logged in my credentials, I realized immediately after it was a scam and changed my password within 3 minutes.

I don’t know if this helps, but I logged in because when I clicked the “user” space all my emails for Facebook showed, like it was a real page (I have different emails for school and work and family and they all showed). I just clicked the one I was going to use.

Maybe that’s got something to do with people saying they didn’t log their credentials but still got the problem?


From Alex Sánchez on July 21, 2021 :: 10:06 pm


Is there a chance they automatically or manually downloaded or cloned my Facebook information in those 3 minutes?

I like to think they check their program every few hours to see how many credentials they got, and in the meantime I changed my password and I’m safe. But who knows…

I haven’t seen anything sent from my inbox or home page in the last hour since it happened.


From Josh Kirschner on July 22, 2021 :: 1:25 pm


I suspect that the form was set up with a generic email field and your browser autofilled this from its settings, rather than pulling anything from Facebook (see: chrome://settings/addresses?search=auto). There are a couple other ways I could potentially see a similar type of phishing process working. I am still skeptical that Facebook credentials could be compromised without user input.


From Jasnon on July 27, 2021 :: 9:35 pm


Hello sir, I saw an ads in fb that claimed apps updated due to ios14+, so I thought this apps is legit.. As usual, I login via my fb information and then I realised my fb has been hacked..

So my question is, does this apps can steal my videos, photos and files? And I also checked in permission section, this apps state ‘no permission requested’ in my phone.


From Josh Kirschner on July 29, 2021 :: 9:24 am


If you change your password, the app won’t be able to access your Facebook account. Also, you should revoke the app’s permissions in your Facebook settings. Read our Guide to Facebook Privacy Settings and look under the section “Using Facebook to log into apps and websites” for steps on how to do that.


From Jasnon on July 29, 2021 :: 12:36 pm


I’m lucky my Facebook already secure with help from FB representatives… Just want to double confirm is my files secure from that apps or not, especially private stuff in Sd card


From Josh Kirschner on July 29, 2021 :: 1:19 pm


Based on the app permissions, your files should be fine. And most apps that are malicious downloads aren’t focused on stealing pictures and videos. However, future updates may change the requested permissions and that could be an issue. Or, the app could go rogue in other ways, such as being a source for adware. So delete if you haven’t already.

I took a look at the app on Google Play and it throws up a lot of warning signs. All the reviews are five stars and were entered over just the last two days - July 28th and July 29th - and were entered in the same block of time each day. The reviewer names appear to be made up. The review text often makes no sense in the context of what the app does. There are numerous spelling/grammatical errors on the app page and their website. The developer has no other apps. The app logo is made to look like an official Facebook AI logo. What a mess…


From Jasnon on July 29, 2021 :: 7:24 pm


Thank you sir for the answers, now I can sleep well without any worries after uninstall that apps.. Thanks again sir!


From diana bogotay on September 15, 2021 :: 6:04 pm


I do not have my Facebook account linked to my bank information. Yet somehow they were able to google pay one of my friends and harassed her telling her to click the money. She tried to do the right thing, which was the wrong thing, in sending me the money back. I couldn’t even accept it because I don’t have my bank account information in there nor do I want to have my bank account information in there. Somehow they were able to accept the money with a visa ending in 5451. Somehow they were also able to break into an account that is not associated with my Facebook and it said the log in was from Chicago. I kicked them out then they somehow got back in even with me changing my password so I kicked them out again. When I changed my password on fb, and things continued, I dove more into my security to find that the device they logged in with was never signed out of when I changed my password. So I kicked the device out and changed my password again. Right now I am on the phone with my bank they took 233$ from me and I wish nothing but misery for the f**ckers behind this


From Sim on September 16, 2021 :: 10:31 am


Similar link came through from a trusted friend via messenger, tried to reach her to ask her about the link, she didn’t respond. I clicked the link anyways and wasn’t going anywhere. I stopped where it asks for credentials. The next day all my contacts received same link, friends and family were reaching out to me to check my account. I was on the verge of letting go FB due to its unsecured privacy policy, I decided to delete it permanently. Am I safe now that I deleted it?


From Josh Kirschner on September 16, 2021 :: 12:52 pm


If you really didn’t enter your credentials, I don’t think you were ever at risk. I have seen no confirmed evidence that Facebook accounts can be compromised via this type of download attack.

What I suspect may be happening (and it is just a guess) is that when you visit one of these sites there is an automated process to pull your Facebook profile info, including your Friends (if you don’t have your Friends list set to Friends Only). Then, a clone account is set up using your profile info and it sends the link spam to all of your friends.

If that is what is occurring, it would explain why your trusted friend didn’t respond to you (because the account was actually a clone account). And it would also explain why your contacts received the link even though you didn’t enter your credentials. If you ask one of your friends to search you on Facebook, do they see an account for you that isn’t yours?


From ugh on October 09, 2021 :: 11:34 pm


I accidentally clicked a link my friend sent me before it loaded and noticed it was bs closed it but a nexus 5 managed to get my google account fast but I changed password and enabled 2 factor
Insane how fast they got my information from a 5 second at most 😳


From IT Guy on October 13, 2021 :: 12:01 pm


This happened to my sister’s friend, I helped her change her password and enable 2FA. Facebook also has a “re-secure account” feature which walks you through changing your password and then lets you select if any access was made to your account and if it was you or not.
Somebody had accessed her account from the Dominican Republic and at the time the messages were sent. But other than sending out the spam messages to her contacts they didn’t do anything else on the account.
I didn’t ask her if she put in her password/email after clicking on the link, I just assumed she did and probably didn’t think about it.

Honestly, when it comes down to it an ounce of prevention is worth a pound of cure. Enable MFA or 2FA and use secure passwords, that should protect you from most of the scams or ‘hacks’ out there.


From Joy on October 15, 2021 :: 6:36 am


Hello, my mother had this link sent to her, she clicked it but didn’t fill in the details but just clicking the link is what sent it to everyone in her friends list instantly. It was ‘kuza. me’ in the link and I believe just clicking the link sets off the chain which messages everyone in your friends list. This is before they’ve gotten your details.

I’m not saying this is the malware bit but it might make sense as to why it’s sending to friends when you didn’t write in details.


From Josh Kirschner on October 15, 2021 :: 4:45 pm


A number of people have claimed in this thread that the scam was able to forward messages to friends without logging in. Most of these claims are second or third hand accounts, or where people don’t remember clearly whether they logged in or not.

However, I’m very skeptical this is really the case. First, I have yet to see any evidence of this occurring from security researchers. Second, not requiring login would undermine the whole purpose of the scam, which is to phish your Facebook credentials.

If anyone has a link they believe leads to a scam page that is able to forward messages without login by the user, please contact me at josh@techlicious.com so we can coordinate on investigating it directly.


From Donny Holland on November 04, 2021 :: 3:37 pm


Is it possible that since our passwords and so forth are automated now with keys that somehow they are fishing in such a way that they trick my phone to think it’s the actual site and then my phone just gives them the password automatically just a thought?


From Josh Kirschner on November 16, 2021 :: 10:52 am


Your phone’s password manager (whether iPhone or Android) will only autofill when the URL matches what it is set up for. I’m not aware of any way to trick a device into thinking it is connected to a different URL than it actually is (not saying it’s impossible, but haven’t seen that type of attack). And for pretty much every major site, that login will be over https, protecting it from man-in-the-middle type snooping. In that regard, password managers are essentially immune to phishing when allowed to do their thing, unless the user overrides it and instructs an autofill on a phishing site.

Reply
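The reply above says a password manager only autofills when the URL matches, and the article notes that the fake login page is given away by its URL. The sketch below is an added example, not code from the article or from any real password manager, showing that comparison on parsed URLs; the saved-login table, the function names and every sample URL are constructed for illustration.

```javascript
// Added example: the URL comparison a password manager applies before autofill.
// SAVED_LOGINS, the function names and all sample URLs are constructed.
const SAVED_LOGINS = [
  { site: "Facebook", scheme: "https:", domain: "facebook.com" },
];

// True when host is the saved domain itself or a subdomain of it.
// Requiring the leading dot keeps "notfacebook.com" from matching.
// Simplification: production matchers typically rely on the Public Suffix List.
function hostBelongsTo(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Decide whether saved credentials may be offered on the page at rawUrl.
function autofillDecision(rawUrl, savedLogins = SAVED_LOGINS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { offer: false, host: null, reason: "unparseable URL" };
  }
  // The parser lowercases the host and separates out any "user@" prefix.
  const host = url.hostname.replace(/\.$/, "");
  for (const entry of savedLogins) {
    if (!hostBelongsTo(host, entry.domain)) continue;
    if (url.protocol !== entry.scheme) {
      return { offer: false, host, reason: "known site, but not over HTTPS" };
    }
    return { offer: true, host, reason: `matches saved ${entry.site} login` };
  }
  // Near misses: the brand is visible in the address, yet the host is not it.
  const seen = savedLogins.find((e) => rawUrl.toLowerCase().includes(e.domain));
  const reason = seen
    ? `"${seen.domain}" appears in the URL, but the page is served by ${host}`
    : `no saved login for ${host}`;
  return { offer: false, host, reason };
}

// Constructed sample URLs (the .example hosts are placeholders).
const SAMPLE_URLS = [
  "https://www.facebook.com/login",
  "https://m.facebook.com/login.php",
  "http://www.facebook.com/login",
  "https://facebook.com.video-check.example/login",
  "https://www.facebook.com@video-check.example/login",
  "https://video-check.example/watch?v=is-this-you",
];

for (const u of SAMPLE_URLS) {
  const d = autofillDecision(u);
  console.log(`${d.offer ? "AUTOFILL" : "REFUSE  "} ${u}\n         ${d.reason}`);
}
```

Only the first two sample URLs are offered credentials; the others are refused because the parsed host or scheme differs from the saved entry, even where the text "facebook.com" is visible in the address.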


From Chris on November 16, 2021 :: 4:32 am


This is an old virus \ malware scam that I was completely aware of and would never click on it yet somehow I was on fb yesterday and all of a sudden while I was on fb I watched my acct send out the virus via fb message to a bunch of my contacts. I immediately tried to warn all of said friends then promptly erased messages and changed password and started using two factor authentication. Today I keep going to load things from both of my email accts on the net and I keep getting “this connection is not private” kinda worried and unsure of how to proceed I’m using an iPhone 10 and a iPad pro second gen


From Josh Kirschner on November 16, 2021 :: 10:57 am


If you’re getting a “this connection is not private” message, that likely means you are entering info on a site using http, rather than https. Facebook and every email provider will force connections over https, so if you’re seeing that message, you’re not on Facebook or your email provider’s site, and may be entering information through a phishing site or have some other malware that is coming between you and your email.

It’s hard to provide more specific direction without knowing more detail about exactly what you are doing and seeing, but make double extra sure you are going to the correct URL.


From John on December 10, 2021 :: 4:00 pm


I got this on messenger on my android phone, me and many other my friends. I click on the (is that you on video?) and I see a message that I need to install or accept something another program let I can see the video. I did not click anything, just I close the app. I run malwarebytes but nothing found. All seem normally, just I see that my phone wallpaper change frequently - I had standard before.  Is it possible my mobile to be infected and someone has access to my photos credit cards and other sensitive details in my phone? From the friend from which came the messages he says that he did not open anything, just he click to the (is that you on video?)


From Tony fields on December 14, 2021 :: 1:23 pm


She says she’s a 22 year old girl we was talkin we went in to video chat and then she saved my video and she’s using it for blackmail how do you get it back


From Josh Kirschner on December 14, 2021 :: 3:02 pm


Unfortunately, you can’t “get it back.” Though if she blackmails you for money, there’s no guarantee they won’t keep coming back for more. This scam has been around for years and most advice on the topic is to ignore it. They likely won’t actually do anything with the video, they just want your money.


From asamhalshbh557 on April 11, 2022 :: 7:44 pm


♥♥♥♥♥♥♥♥♥😱😱😱😱😱😱😱😱😱😱


From Frank Johnson Sr. on June 12, 2022 :: 2:38 am


This girl wanted my phone number, I gave it to her.
Next thing I know Facebook sends me a Facebook Code and she says to send that code to her and we can video chat.  I said NO…never heard from her again.


From MC Peepants on July 12, 2022 :: 1:11 am


So this message said

“Oh my God guess who just died!”

So I click it right cus I’m like “oh my god who!?”
And it takes me to my Amazon account, but I’m already logged into, which is weird that it took me there but more weird that it was legitimately my Amazon account because I was already logged in to it. Well I immediately changed my FB password and lo and behold. My father calls me the next morning.. “who died? And why would you tell me by FB messenger and some strange link anyway?” Thankfully HE did not click the link, however these FU@#!%$ sent that same message to absolutely EVERYONE I know and everyone I EVER have known, people I used to have phone numbers to but no longer do and never was FB friends with them, even them, like from the beginning of my life… everyone! Crazy, I do not lie or exaggerate it was like almost 500 people that got sent that message from my FB messenger.


From Josh Kirschner on July 12, 2022 :: 10:20 am


If you go to Messenger, do you see the sent messages from you? If your friends click the profile of the person who sent the message, does it go to your real profile (with past posts and all) or does it go to a cloned profile? If you are 110% sure you didn’t enter/change your Facebook password on a phishing site (it’s possible it took you to Amazon to distract you and popped up a phishing Facebook page as a popunder), I strongly suspect the message was sent from a cloned profile. We also have a story on how to prevent your Facebook account from being cloned: https://www.techlicious.com/tip/facebook-account-cloning/

I’ve gotten many of these links myself and they ALWAYS have a phishing component.


From Rosy zote on August 11, 2022 :: 8:50 am


Sir, my Facebook account is disabled, please log in my Facebook account.


From John on August 13, 2022 :: 5:53 pm


I was on FB on my browser (Chrome). I clicked on a messenger link from a friend (“Look who died”). The link directed me to Youtube (no specific video). There was no request to enter login info. I immediately closed the Youtube tab, without clicking on any links. The next day on FB I checked “Settings and Privacy -> Settings -> Security and Login” and it showed that someone had logged into my account from a different (adjacent) state. Coincidence? I immediately changed my FB pw. So far (two days later) I have not noticed any issues. I have used a couple different programs (malwarebytes and chrome) to scan for malware and neither has found any.


From Hoover1979 on December 05, 2022 :: 5:00 pm


I encountered this yesterday after a friend got hacked and the hacker posted multiple video posts with all their friends including myself for a video called “Snappy Jump” which redirects to the fake login page requesting to enter my login details to “verify my Facebook account”.

Of course, as this was the first time this happened I was suspicious and upon a google search I found out about the scam.

I didn’t enter my details. I also have 2FA for Facebook.  This scam is back and everyone needs to take notice.


From Russ on February 20, 2023 :: 12:53 am


2/19/23 This just happened to my acct today. I both received a link from a facebook friend & my account was used to spam send to all my facebook friends. Going through the messages and warning them not to open link.


From Christine Thomsen on September 13, 2023 :: 2:54 pm


Dear dear Josh.

Thank you for this fine article.

Please help us.

A dear relative of mine did click the link 2-3 years ago.

Shortly after someone made a fake IG account using an old FB name and an old picture of him wearing a mask. He doesn’t remember if the picture was ever on FB, but knows the name was.

Now he has been living in absolute panic and fear ever since.

Do you think the FB link and the fake IG account are related?

He’s afraid that clicking the link may have given someone access to pictures and videos on his computer and his iTunes. Especially because he can’t remember if the picture used in the fake IG was ever online on FB.

I’ve told him about your article. Saying, that the link probably ONLY gave access to old and new FB information. NOTHING else. NOT his computer. NOT his iTunes. NOTHING but FB - and that the old name and the old picture probably were on FB somewhere.

What do you think about this?

Is there somehow he can check if his pictures, videos and codes are stolen?

It’s ruining our lives.

Hope you will answer this.

Sorry for the bad spelling. I’m from Denmark.

Love

Christine


© Techlicious LLC.