Facebook users have noticed and reported a new scam making rounds on the popular network . [ 1 ] This time , it is the same old Facebook Messenger virus that compromises user accounts and acts on behalf of the victim to distribute the malicious link further . The scam uses a basic social engineering technique that lures Attack.Phishing the potential target into clicking on the provided URL . In addition , the victim feels safe since the link comes from Attack.Phishing one of his Facebook friends . The message usually includes a short line that looks similar to “ its you ? [ name ] : |. ” The emoji at the end of the message differs , and the provided link is shortened ; therefore the user can not figure out where it leads . However , the shortcut indicates that the link leads to a mysterious video and triggers victim ’ s curiosity to check it out . Typical strategy : Install something to watch the video Cybersecurity experts are already familiar with the technique used to trick Attack.Phishing questioning users into installing the Facebook Message Video virus . As soon as the victim clicks the compromised link and enters the phishing website ( which apparently is designed to look like Attack.Phishing YouTube or another popular video sharing platform ) , a misleading pop-up appears Attack.Phishing , asking the victim to install an update or an application ( it could be a fake Adobe Flash Player or a plug-in ) . The file suggested to the user contains no software related to video streaming and simply carries the malicious payload that later compromises Attack.Databreach victim ’ s account and sends out Attack.Phishing the deceptive messages to all victim ’ s contacts . Speaking of fake Adobe Flash Players , we want to inform you that these are one of the most dangerous threats to your security . One of the latest cyber attacks Attack.Phishing was based on fake pop-ups appearing on compromised sites , urging Attack.Phishing people to install an updated Flash Player . Unfortunately , launching the install_flash_player.exe file only infected the computer with Bad Rabbit ransomware .

If you get Attack.Phishing a Google Doc link in your inbox today , scrutinize it carefully before you click—even if it looks like Attack.Phishing it comes from Attack.Phishing someone you trust . A nasty phishing scam Attack.Phishing that impersonates Attack.Phishing a Google Docs request has swept the internet today , including a decent chunk of media companies . You 've heard `` think before you click '' a million times , but it really could save you from a whole lot of hassle . Google has taken steps to neutralize this particular phish Attack.Phishing . The company said in a statement that it has `` disabled offending accounts . We ’ ve removed the fake pages , pushed Vulnerability-related.PatchVulnerability updates through Safe Browsing , and our abuse team is working to prevent this kind of spoofing Attack.Phishing from happening again . '' But when it comes to phishing defense Attack.Phishing there 's always an element of cat and mouse . Large-scale phishing attacks Attack.Phishing and those impersonating Attack.Phishing popular services like Google log-in pages regularly stalk the internet . `` The importance of this phish Attack.Phishing is not how it spread , but rather how it didn ’ t use malware or fake websites tricking Attack.Phishing users to give up their passwords , '' says Aaron Higbee , chief technology officer at the phishing research and defense company PhishMe , which analyzed data from the fake Google Docs campaign. `` This phish Attack.Phishing worked because it tricked Attack.Phishing the user into granting permissions to a third-party application . This is the future of phishing Attack.Phishing , and every security technology vendor is ill-equipped to deal with it . '' Similar Google Docs scams Attack.Phishing in particular have been circulating Attack.Phishing since at least 2014 , but that does n't make them any easier to spot , in part because they seem so authentic . Phishers can use real Google accounts and develop third-party plugins that can interact with Google services , so they can lure Attack.Phishing victims in through the most perfect-looking Google web pages of all : Genuine ones .

Chrome users have lately been targeted with a few unusual malware delivery and scam attempts . The first one comes from Attack.Phishing compromised WordPress sites that have been modified Attack.Phishing to include JavaScript that changes the text rendering . A visitor sees the page as an unreadable mish-mash of symbols , and is prompted Attack.Phishing to update “ Chrome ’ s language pack ” so that the text is rendered correctly and he or she is able to read it : “ The usage of a a clean , well-formatted dialog to present Attack.Phishing the message with the correct Chrome logo – and , more importantly , – the correct shade of blue for the update button . The shape of the update button seems correct , and the spelling and grammar are definitely good enough to get a pass , ” NeoSmart Technologies ’ Mahmoud Al-Qudsi noted . wrong version numbers ) during the download and installation process , but not all will . The bad news is that Windows Defender or Chrome don ’ t flag the file as malware and , at the time of the initial discovery , very few AV engines detected it as malicious ( the situation is much better now ) . Chrome will tell users that “ this file isn ’ t downloaded very often ” as a warning of its potential malicious nature , but that ’ s unlikely to stop users who are accustomed to click through security warnings . The second threat comes in the form of a malicious Chrome extension that is pushed onto visitors of compromised sites . The potential victims are redirected to such sites mostly through malvertising schemes , and they are faced with the request to install the extension in order to be able to leave the site – no other option is given , and the browser is stuck in a never ending loop of fullscreen modes . The extension aims to redirect victims to unwanted software , get-rich-quick schemes , and various scams . “ This extension ensures it stays in hiding by using a 1×1 pixel image as its logo and by hooking chrome : //extensions and chrome : //settings such that any attempt to access those is automatically redirected to chrome : //apps . That makes it much more difficult for the average user to see what extensions they have , let alone uninstalling one of them , ” Malwarebytes ’ Jérôme Segura explains . Victims will have to use a security solution to do it , and likely another browser to search for it and install it . Malwarebytes detects this extension as Rogue.ForcedExtension