Facebook survey scammers have lately become great fans of browser add-ons that force scammy messages onto the victims’ Wall and News feed, but in a recent campaign they went even further and are trying to fool the users into sharing their Facebook login credentials.
The scam itself starts like many others – the lure is a video that “96% of most(!) people cant even watch for more than 15 seconds”. To be able to watch it, the users are asked to install “Prenium plugin” and reload the page.
Now, only Firefox and Chrome users are asked to install it – those using other browsers get redirected immediately to the surveys without viewing the video.
Firefox and Chrome users do get to see the video after having followed the instruction, but in the meantime the installed plug-in prepares a nasty surprise for them for when they return to their Facebook account:
“Once the loading is complete, the browser redirects you to a webpage bearing a disturbing message ‘Your account was recently accessed from a location we’re not familiar with’,” warns BitDefender. “The text goes on trying to scare you into believing there’s something wrong with your Facebook account. Unfortunately, the option to “Continue’ with the account verification process is not available because it is blocked by the one thing the hoped to escape: the scam survey.”
The goal is to force the users to complete a survey AND reveal their login credentials so that the scammers may use their compromised accounts to spread this and other scams further.
Inexperienced users are likely to fall for the trick once they see that no matter what they want to access on Facebook, the warnings wont budge and let them.
There are two solution to this problem. They can either use another browser to access Facebook, or deinstall the “Prenium” plug-in – the latter option is preferred if they want to keep using their favorite browser.
In any case, users are advised to change their Facebook password if they completed the fake account verification process, and to clean up their Wall and News feed of any scammy messages.