(UPDATE) If you are one of the many Facebook users who got tagged by someone you don't know in a porn post, don't click or tap. It's a scam, according to a tech expert.
The malicious tagging malware was first reported in 2015 and reemerged recently, this time using lewd photos as bait.
Just don't click it, said veteran tech editor Art Samaniego. If you clicked it, don't download the player that it is asking you to install on your device, he said.
"Ang ginagawa ng malicious tagging, ita-tag ka n’ya tapos pornographic materials or videos ang kunyari nakalagay pero ‘pag kinlick mo ito, dadalhin ka n’ya sa isang fake na website at sasabihing kailangan mong mag-download ng app o program para mapanood mo ‘yung video," he said on Facebook.
The Office of Cybercrime at the Department of Justice said it received confirmation from Facebook that the page associated with the malicious tagging “has been removed and its administrators were sanctioned.” It encouraged the public to report similar incidents.
So, you got spammed
Spam is unsolicited content, including bulk messages, post links or images, and friend requests from people you don’t know. This includes malicious posts circulating online.
This most recent tagging scam aims to capture the user's Facebook log-in and password and other sensitive information like bank details. This happens when the user who clicks on the spam link downloads the "player," Samaniego said.
According to Samaniego, strangers are using enticing materials like porn to tempt tagged Facebook users to supposedly download a Flash player on their device, which would then capture their Facebook log-in username and password, and other sensitive information like bank account details.
MORE ON CYBERSECURITY:
Think Like a Scammer to Outsmart a Scammer
How to Turn on Two-Factor Authentication
Access to the Facebook details will allow spammers to send more unsolicited content, he said.
"Pag na-infect ‘yung gamit mong device, babasahin din nito ang Facebook mo at lahat ng friends mo, papadalhan mo ng link… without you knowing it,” Samaniego said, warning mostly desktop and laptop users.
He said mobile users may see the tags, but can’t download the Flash app, which shut down in 2020.
“Kahit i-click mo ‘yan [via mobile], hindi ‘yan magda-download ‘pag cellphone ang gamit mo. Ang epekto n’ya ngayon sa cellphone, very annoying siya pero mababa ang infection,” he said.
Here's what you need to do
Facebook has some helpful tips on what to do when you get tagged in a spam post.
- Avoid clicking suspicious links.
- When tagged by a friend, confirm if they are behind the comment.
- Report the post or the profile responsible for the post to Facebook. Here’s how. (https://www.facebook.com/help/1380418588640631?helpref=faq_content)
- Opt to review tags people add to your profile by going to Settings and clicking Profile and Tagging. (LINK “Profile and Tagging”: https://www.facebook.com/settings?tab=timeline)
What if you’ve already clicked on a bad link?
Facebook said to keep accounts secure by:
- Using a strong password exclusive to your Facebook account.
- Immediately changing passwords.
- Not sharing passwords to other people.
- Checking the website’s URL before entering log-in credentials.
- Logging out of the account when using a shared computer
- Rejecting suspicious friend requests.
- Reporting suspicious links even when they appear to come from friends.
- Setting up two-factor authentication and activating alerts about unrecognized log-ins.
- Checking your log-in history for possible suspicious log-ins and deleting unwanted actions in activity log
Reportr is now on Quento. Download the app on iOS and Android or visit the Quento website for more articles and videos from Reportr and your favorite websites.