So you click on your friend’s attachment. Just like that, you’ve fallen for one of the biggest Facebook scams out there. So far, this dangerous Facebook scam has duped around 500,000 people. Scammers love Facebook, and they’re always coming up with new tricks to take away your privacy. Tap or click here to find out about a Facebook scam that weaponizes your family. This method is wildly successful, so we put together a helpful guide to save you from getting tricked.

How the scam works

This is a new iteration of a scam that’s swirled around the internet since 2017. Someone masquerading as your friend claims they found a video or image with you. Naturally, this triggers alarm bells. You may be scared that your private information has been leaked. Maybe you’re excited and you wonder if this could turn you into a viral star. Either way, you click your so-called friend’s message. It piques your curiosity, and your defenses are down because it came from a friend. The message that pops up will display a black preview image of what appears to be an attached video, with the simple text of “Is it you in the video?” But it is all part of a massive scam and you should not try to watch the video inside the message. When you click on it, you will not be able to view the video. Instead, the scammers use a URL shortening service that will redirect your browser to a fake Facebook login screen. RELATED: Protect yourself from online scams with this cloud backup service If that doesn’t raise red flags, you might find yourself negligently curious and proceed to “log in” to the fake page. By typing in your username and password, you are not logging in to anything but merely supplying the fraudsters with your legitimate Facebook credentials. Once they have them, they will be able to log into your Facebook profile and send spam to all your friends with the same message. It is a perpetual cycle and only takes one person’s lapse in judgment to open the floodgates. Once they have your login details, it is often complicated (if not impossible) to recover your profile. Through scams like this, you will often see users stating that their Facebook profile was hacked.

What the scammers are after

In many instances, a user’s profile will be taken over through the scam mentioned above. But instead of sending the same message to friends, the criminals will message contacts with malicious links and suspicious online offers. Through these links, they hope to scam people out of their credit card details or collect fees from online clicks. That’s why you need to be diligent and protect your information.

What you can do to stay safe

The first rule of cybersecurity is to never click on a link or attachment that even vaguely looks suspicious. Even if it is from a trusted friend, it should always be treated with caution. Password management is equally important, and you should change all your details at least once a month. And never use the same login credentials for multiple websites. MAKE SURE TO DO THIS: Security tip: How to spot fake social media profiles Some apps and websites allow you to set up Two-Factor Authentication (2FA). It requires you to verify through a second device that it is indeed you who’s logging in. While it is not foolproof, it will add an extra layer of security. Also, review your security settings on social media websites and only allow trusted or verified people to contact you. Tap or click here to find out how to set up 2FA for Facebook along with more security precautions. If you suspect that your account has been compromised, change your password ASAP. The longer you wait, the more time criminals will have to steal your data. If you receive a suspicious message from a friend, contact them through a different message and alert them to the breach.