A Facebook app that makes the tempting offer to change the colour of a user’s Facebook profile page is tricking people into giving hackers access to their account.
Called Facebook color changer, the app works in two ways to give hackers access to your personal information.
The first method takes users to a phishing website with a tutorial video on how to use the app. By clicking on the video, the user gives hackers access to their Facebook account, including their list of friends.
The second method attempts to also infect the user’s computer with malware. PC users are taken through to a pornography video player while Android users are shown a message that claims their device is already infected and offers to install anti-virus software. Taking up the offer installs the virus on the device.
Netsafe’s digital project manager Chris Hails said people should be cautious about falling victim to social engineering scams with newsfeed items or messages that tempt you to click.
“Patch your system and use a modern browser to help protect your devices and don't download porno video players or security clean-up apps,” Mr Hails said.
Netsafe's Security Central website has this advice to how to avoid getting phished:
- Learn about the various phishing species that try to hook you and reel you in
- Be careful when you receive emails requesting urgent account verification
- Don’t download and open unexpected attachments
- Curiousity kills the cat – avoid clicking on video or photo links posted on your newsfeed
- Don’t respond, download files or click on links to websites you’re suspicious of
- Investigate any online offers carefully that appear to be too good to be true
- Check to see if your anti-virus software comes bundled with anti-phishing tools