The Romanian government issued a very important warning for millions of Romanians all over the country, and as you can see below, we are talking about an extremely serious problem that everyone should know about right now.
The Romanian government is telling the Romanians, through the government agency CERT-RO, about a new phishing attack that is being distributed through social networks all over the world, and everyone must be extremely careful about it.
"Attention, after Facebook users were targeted in the past by a phishing campaign with trap messages of the type 'look like you', 'appear in this video', a similar attempt is circulating these days on other social networks, as it would be Instagram.
The CERT-RO team published at the time a series of warnings about this universal method used by attackers.
The messages usually contain a malicious link, which the sender claims is a video or picture of the person to whom the message was sent. The text of the received message can be in both Romanian and English.
Once accessed, that link does NOT lead to the promised clip. Attackers do not provide additional details and take advantage of human curiosity to get the user to click. Furthermore, they use a URL shortening service to mask the actual website you are about to visit.
In some variants, that link redirects to a phishing site, where the attackers harvest the credentials to the potential victim's Facebook account, and in others accessing the link can lead to the installation of malicious software.
For example, if you are redirected to a fraudulent login site and enter your login details, they are uploaded to a remote online server that cybercriminals have access to. They can use them directly to try to gain access to your account, from where they can extract additional data or launch other attacks, or sell them on to hacker forums.
In addition, most of the time accessing the link redirects the victim of the attack through multiple websites composed or even designed to spread various types of cyber traps, including #spyware, #adware or even #ransomware.
At the same time, the message will be sent to your social media contacts and the friends you have in your account list will be in danger of falling into the same trap. That is why it is important, in addition to avoiding accessing links from unknown sources or unsolicited messages, to have a security solution installed on your devices to scan such resources that you are not sure about.
Recommendation
So, in the situation where you receive in a private message on social media a link associated with messages of the type 'looks like you', 'appear in this clip' (RO) or 'it took me about 3 hours to make' is strongly indicated do NOT access the link provided. However, if you access the link, we recommend that you:
1. Change your social media account password immediately and enable 2-step authentication (2FA)
2. Make sure that you are not logged into your account in suspicious locations that you do not recognize and that third-party applications have not been granted permissions on your account. Remove those applications that you consider suspicious.
3. In addition to these measures, the following are recommended:
– performing a scan of the device with the help of an anti-virus solution;
– checking the apps installed on the device to make sure no new, unknown ones have been added
– checking the privacy settings on the social media account to make sure there are no changes.”
