‘Are you the one in this video?’ How to avoid social media scams | #socialmedia | #education | #technology | #infosec

In the last month, a phishing scam that comes from your own contacts with the message “Are you the one in this video?” Has become viral through social networks? The main objective is the identity theft of users.

How does this scam work?

This type of malicious program is distributed through messages that circulate with a text and a link that can come directly from a contact you have on the social network. In fact, it is very likely that this contact from whom you received the message was also a victim of this type of scam .

The quality of this virus is that it has the ability to replicate itself every time someone clicks on the link. According to Facebook , the device infected with the virus carries out unwanted actions within the social network, such as posting spam in the biography, sending the same message to more contacts and of course, delivering system information.

The effectiveness of this scam is in the confidence that the message generates when coming from your own contacts. When the user accesses the link from a mobile device, he is directed to a phishing site that pretends to be the official login page of the social network, where the user must supposedly enter the email address and password that he uses to access your account.

It is one of the ways to enter other platforms and start a massive data theft. With active users on social networks and working remotely, it is extremely important that we know how to identify threats of this type. If you click on a link and the web page it takes you to does not have HTTPS, it is the first sign to get out of there.

Remember that this type of virus can also reach other applications and can also pass in digital work environments, causing gigantic damage to operations and reputations. Therefore, you must not only be careful with personal data, you must also avoid using your work computer for your own purposes.

People and companies must have a Zero Trust mind, that is, not trust users or devices inside or outside the company’s private network and offer the least possible access to data. In cases like this, don’t let your guard down and don’t click on links that may seem strange to you, even if they come from your own contacts.