The Facebook 'Is This You?' Scam: How Accounts Get Hijacked
You are scrolling through Facebook when a message pops up from a long-time friend. It says: 'Look who I found in this video! Is this you??' and includes a link to what looks like a YouTube or TikTok video. Naturally, you are curious and a little worried—what video could they be talking about? You tap the link.
A page loads that looks like a login screen. It says: 'Please log in to verify your age and view this video.' You type in your Facebook email and password. Suddenly, the page disappears, and no video plays. You might think it was just a glitch and forget about it. But a few hours later, your friends start calling you, asking why you are sending them strange links. You have been hacked.
First, take a deep breath. This is the Facebook account hijacking scam. It has been going viral for years because it preys on our curiosity and social connections. Understanding how hackers get passwords like this is the first step to securing your social life.
The Anatomy of the Hijack
The link you clicked did not go to a video. It went to a fake login page (a phishing site). When you typed your password, you handed it directly to a scammer's database. Their automated software immediately logged into your account, changed your password to lock you out, and then sent that same 'Is this you?' message to every single person on your friends list.
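An added example (not part of the original article): a short Python check of where a link really points before a password is typed into the page behind it. It assumes facebook.com and its subdomains are the only legitimate hosts for a Facebook login; the sample links are constructed and use reserved .example domains.

```python
from urllib.parse import urlsplit

# Assumption for this example: only facebook.com and its subdomains
# should ever ask for a Facebook password.
TRUSTED_DOMAINS = ("facebook.com",)

# Constructed sample links (reserved .example domains, not real sites).
SAMPLE_LINKS = [
    "https://www.facebook.com/login/",
    "https://m.facebook.com/login.php",
    "https://facebook.com.video-verify.example/login",  # real name used as a prefix
    "https://facebook.com@video-verify.example/login",  # real name in the userinfo part
    "https://faceb00k-video.example/watch?v=1",         # look-alike spelling
    "http://www.facebook.com/login/",                   # unencrypted
    "https://xn--fcebook-8va.example/login",            # punycode (IDN) label
]


def login_host_verdict(link):
    """Return (trusted, reason) for a link that leads to a 'Facebook' login page."""
    try:
        parts = urlsplit(link.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "unparseable link"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    # Internationalised look-alike names appear as punycode labels ("xn--...").
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode label in host"
    for domain in TRUSTED_DOMAINS:
        # Match on a label boundary: "m.facebook.com" passes, while
        # "facebook.com.video-verify.example" and "notfacebook.com" do not.
        if host == domain or host.endswith("." + domain):
            return True, "host is " + host
    return False, "host is " + host + ", not a Facebook domain"


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        trusted, reason = login_host_verdict(link)
        print(("OK   " if trusted else "STOP ") + link + "  (" + reason + ")")
```

The part of the address that matters is the host just before the first single slash, read from right to left; anything before an `@` or in front of an unrelated domain is decoration.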
Why This Is Dangerous
Scammers use your hacked account to ask your family for money, post fake 'crypto investment' schemes, or even gather personal details from your private messages that can be used for identity theft. They essentially wear your face to trick the people who trust you most.
What to Do If You Clicked
- Change your password immediately: If you can still log in, go to Settings > Security and change your password. If you are locked out, use the 'Forgot Password' link to regain control via your email.
- Enable 2FA: Turn on two-factor authentication. This stops hackers even if they have your password, as they won't have the code from your phone.
- Warn your friends: Post a status update or send a group text saying: 'My Facebook was hacked. Do not click any links sent from me today.'
The Golden Rule
Never log in to a website that you reached through a link in a private message. If a friend sends you a link, ask them 'What is this?' first. If they don't reply in their normal voice, it's a scam.