'My Home is Burning' Facebook Phishing and Malware Scam
Private Facebook message purporting to be from a friend of the recipient claims that the sender's house is burning to the ground. The recipient is invited to click a link to see footage of the fire.
The message comes from a hijacked Facebook account. The friend's house is not burning and there is no video. Those who click the link will be taken to a bogus Facebook page designed to steal their Facebook login details. And, those who do login on the fake page will then be redirected to another page that claims that they must download a YouTube Player update before they can view the fire video. However, clicking the "update" link can install malware on the user's computer.
My home is burning to the ground. Check it out here its so bad [Link removed]
Users have reported receiving private Facebook messages claiming that a friend's house is burning to the ground. The message asks users to click a link to check out the fire.
However, there is no fire. The message comes from a hijacked Facebook account belonging to a friend of the recipient. If the recipient falls for the ruse and clicks the link, he or she will be taken to a bogus webpage designed to look like a normal Facebook login page. A message on the page will claim that the user must login to see the desired content.
If the user enters login details and presses the "login" button, he or she will be redirected to another bogus webpage that claims that a YouTube Player must be installed.
However, downloading the supposed YouTube update will install a trojan on the user's computer. Typically, such trojans can harvest information from the compromised computer and allow criminals to control the computer remotely.
Meanwhile, the scammers can use the information stolen via the fake Facebook login page to hijack genuine Facebook accounts. Once in the compromised accounts, the scammers can lock out the rightful owners and use the accounts to send out more of the same "My home is burning" scam messages. Thus, the cycle continues.
This campaign is similar to earlier phishing and malware attacks including one 2012 incarnation that was spread via Twitter direct messages.
As always, you need to use caution when following links in messages, even if the message appear to come from one of your friends. If the link leads to a page that asks you to login to one of your online accounts in order to see the promised content, be sure to use caution and common sense. Make sure that you are on the account's legitimate login page rather than a fake phishing site.
In fact, it is safest to login to all of your online accounts by entering the address into your browser's address bar rather than clicking a link in a message.
And, any message that claims that you must download a plugin or update to view a promised video or news article should be treated with suspicion.
Last updated: December 29, 2013
First published: December 29, 2013
By Brett M. Christensen