A warning to all the Facebook users out there – the scammers are after your login details again, this time by spreading a link which purports to be a video of Barack Obama.
The president is finally taking charge!!
Is this really for real?.
The image used in the message looks like a YouTube video thumbnail, but if you click on the link you are redirected, via a cross-scripting vulnerability on an MIT webpage and then Reddit, to a phoney Facebook login page.
It may look like Facebook, but it’s not the real Facebook. It’s designed to phish your username and password from you.
Incidentally, the page is hosted on an almost identically-named domain to one we’ve previously seen used in a Facebook phishing campaign.
Facebook usernames and passwords are an increasingly valuable commodity for cybercriminals – once they have those, they’ll be able to log into your account, post messages in your name, spread spam and malware and perhaps raid your profile for personal information that they might be able to use for identity theft.
Worst of all, perhaps, they can pose as you and cause tremendous problems for your friends and family.
So, if you think you might have fallen for a scam like this, change your Facebook password immediately and scan your computer with an up-to-date anti-virus product.
If you’re on Facebook and want to learn more about security threats on the social network and elsewhere on the internet, I’d recommend you join the Sophos Facebook page.