Almost half a million users duped by Facebook phishing campaign

News
By published

Think twice before opening that message from an 'old friend'

Person typing
(Image credit: Shutterstock)

After investigating a malicious message sent via Facebook Messenger, the researchers at CyberNews have uncovered a large-scale phishing campaign that has tricked close to 500k Facebook users.

The “Is that you” phishing scam first started circulating on the social network back in 2017. The scam begins with a message sent by one of a user's friends in which they claim to have found a video or image with them featured in it.

However, the message appears as a video that when clicked, leads a user through a chain of websites infected with malicious scripts. These scripts are able to determine a user's location, the device they're using and even its operating system.

From there, the scripts lead users to a Facebook phishing page to harvest their credentials and then if possible, infect a user's device with adware or other malware.

Is that you?

While the “Is that you” phishing scam has been around for years, the campaign discovered by CyberNews began operating at the end of January 2020 and so far 480,00 users have fallen victim to it with 77 percent of the victims residing in Germany.

Due to the large-scale nature of the campaign and how it appears to mainly target German users, the news outlet shared its report with CERT Germany, Facebook and the URL shortener service wal.ee which was used by the threat actor responsible.

At the same time, the threat actor also used a legitimate third-party web statistics service to track their campaign which is how CyberNews was able to uncover it in the first place and learn how many users were affected. 

Interested users can read the full report here and CyberNews recommends that those at risk of phishing use a password manager, two-factor authentication and remain vigilant when checking their messages online to avoid falling victim to this or other similar scams.

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
Latest in News
Robert Downey Jr reveals himself as Doctor Doom to a delighted crowd at San Diego Comic-Con 2024
Marvel is about to make a major announcement about the MCU, and nobody's sure what it'll be
Nintendo Switch Lite
Forget the Nintendo Switch 2, the original Switch is getting one last hurrah in a surprise Nintendo Direct tomorrow
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
Samsung Galaxy S25 Edge colors seemingly revealed in new video, and there’s another sign of an imminent launch
Image of Naoe in AC Shadows
Assassin's Creed Shadows best graphics settings for PS5, PS5 Pro, and Xbox Series X
Promotional image for Malcolm in the Middle featuring the original cast playing golf
Malcolm in the Middle's Disney+ revival gets underway as the series finds its cast – here's which characters are returning
Group of people meeting
Inflexible work policies are pushing tech workers to quit
More about security
Representational image depecting cybersecurity protection

Third-party security issues could be the biggest threat facing your business
Android Logo

Devious new Android malware uses a Microsoft tool to avoid being spotted
WithSecure Elements EPP and EDR main image

I tested the WithSecure Elements EPP and EDR - read how I rated this Endpoint Protection for small business
See more latest
Most Popular
Nintendo Switch Lite
Forget the Nintendo Switch 2, the original Switch is getting one last hurrah in a surprise Nintendo Direct tomorrow
Image of Naoe in AC Shadows
Assassin's Creed Shadows best graphics settings for PS5, PS5 Pro, and Xbox Series X
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
Robert Downey Jr reveals himself as Doctor Doom to a delighted crowd at San Diego Comic-Con 2024
Marvel is about to make a major announcement about the MCU, and nobody's sure what it'll be
Promotional image for Malcolm in the Middle featuring the original cast playing golf
Malcolm in the Middle's Disney+ revival gets underway as the series finds its cast – here's which characters are returning
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
Samsung Galaxy S25 Edge colors seemingly revealed in new video, and there’s another sign of an imminent launch
Group of people meeting
Inflexible work policies are pushing tech workers to quit
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Thursday, March 27 (game #655)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Thursday, March 27 (game #389)
Youtube
YouTube Premium could be getting a new time-saving perk, showing you recommended videos directly in your playback queue