If one of your Facebook friends sent you an email that said “Is this you?” with a link to a video, would you click on it to see if it’s you? If so, there’s a good chance you’re going to get phished, because you just fell for the newest Facebook phishing scam.

According to the Better Business Bureau, “There’s a phishing scam making the rounds. If you’re a victim, you receive a message from someone you know and trust, one of your friends and family members. The message expresses they were surprised to have seen you in a video and contains a web address that’s supposed to lead you to it. You’re not in the video.” The twist here is the bad guys are using Facebook Messenger to deliver their payload.

From the article, “You only typically hear from people you care about through Messenger, so your guard is already down. When you see the notification you’ve received a message, you experience a tiny dose of positive emotion, expectation and curiosity. You want to know what this person you care about has to say. Before you even click on the message, that bait has your attention.”

“The message reads something like, ‘Hey (your name), what are you doing in this video lol! Search ur name and skip to 1:53 on video. Type in browser with no spaces -> (then they give you a web address).'”

There are tools out there to protect you from phishing emails. Tools like Phish Protection with real-time link click protection. Not only does Phish Protection prevent phishing emails out of your inbox, but if one should get through AND you accidentally click on a malicious link, Phish Protection protects you from that too.

Unfortunately, not even Phish Protection can save you from a malicious link in Facebook Messenger. For that, you just have to know ahead of time that the link is malicious and not click on it, which is why I wrote this article.