Scam alert: Two clicks on Facebook could leak all your personal info to an international scammer

Posted at 5:43 PM, Apr 30, 2015
and last updated 2016-11-02 12:30:20-04

Users beware.

A vicious malware attacking Facebook can give all your personal information away in two clicks.

As if that weren't bad enough, this latest Facebook attack starts with you, and once you're in, it tags your friends and then their friends and so on. The malware spreads like wildfire.

Your Facebook feed is full of enticing video. But now, one of those could leave you two clicks away from major problem, according to online tech expert Steve Nelson.

Nelson runs his own security network company called 360 Degree Security Computer Services.

"To show the lead-in video as being cute cats, puppy dogs or even some adult-flavored video," said Nelson.

A malware scam appears to be a video link from a friend saying something to the effect of, "This is awesome."

The scam - first noticed on Saturday - had around 500,000 clicks by the end of the day. But Nelson said not all of those clicks ended with infections.

But Nelson said the real trouble comes at the next step. A pop-up window appears and prompts you to click on an Adobe Flash Player update to continue.

"So once I click through for the Adobe Flash, it will download the player. It won't be the [Abode] player," he said.

The malware is actually taking over your computer, looking for everything you have, including sensitive information like your bank account number.

“Whatever he is out after, he can find. Medical records, whatever you are logging onto, whatever you are working on within your browser," said Nelson.

Nelson said the industry experts have tracked down the creator of this attack, and they believe he goes by "Schwarzback" and may be operating from Turkey or Russia.

"His last account was in Russia. They don't know exactly where he is at, but he's moving around," said Nelson.

Fortunately, Facebook has stopped this attack.

Unfortunately, Nelson says the man behind this is not giving up.

"He's going to do it again," said Nelson.

He says this attack was designed for Windows and Windows users specifically. But, just to be safe, Nelson recommends changing your passwords, being cautious of what you click on and always keeping malware protection installed and updated.

We have reached out to Facebook, but the company has not contacted us. 


Jadiann Thompson can be reached at

Follow her on Twitter

Connect on Facebook