Netizens beware of malicious tagging on Facebook

malicious-tagging-on-facebook -2021

WhatALife! is warning netizens about the resurfacing of ‘malicious tagging’ that targets Facebook users.

One fine morning, as you casually scroll on your Facebook timeline, you suddenly received a notification from a friend who mentioned you on a post.

sc-malicous-tagging
Malicious Tagging on Facebook

Since it’s your friend, you’ll, of course, go and check the post out. After all, it might be a funny meme or a relatable post that you might want to share, right? ENGK! 

malicious-tagging-on-facebook
Malicious Tagging on Facebook

The post turns out to be a link to an adult video, and if your that curious, you’d probably click the link.

malware-taggin-facebook
DO NOT CLICK THE LINK ON THE POST!

Consequently, a pop-up window will appear, asking you to download a Flash player update before watching the video, which, unfortunately, is malware. You are now one of the thousands of Facebook users across the platform who fell victim and infected by the malicious tagging malware.

While the malware has several versions, its aim is to scan your device and capture personal information such as banking information. Not to scare you, but it will probably take over your device and create another face post with some of your friends tagged in it.

Ottoke?! Help! SOS! What should I do now?

As mentioned, you’ll be tagging your friends (and some friends of friends) on the same fake post. So, you might as well give them a heads up NOT TO CLICK THE LINK. Then, install an anti-malware or antivirus with cyber protection to secure your device from further malware infection.

Inquirer.net reported that the current fake post where most of the netizens were tagged has over 22,000 comments. The newsite has contacted Facebook regarding the issue, but it has yet to respond.

In the meantime, here are some tips on how you can protect yourself and your friends from this type of malicious malware.

DO NOT CLICK.

No matter how curious you are. No matter how enticing those powerful words are used in the headlines. If you’re not familiar with the website or feel in your guts that it could possibly be fake news: DO NOT CLICK.

As netizens become smarter, scammers have to up their strategies to hook their victims, so most of them would often use link-shortening sites to disguise malicious links. Make sure not to fall for it. 

Suppose you’re using Facebook on your desktop. In that case, you can check the original link destination by hovering your mouse arrow just above the link. A link will then show at the bottom left of the browser. See an example image below. 

see-link-on-lower-left
Screengrab by WhatALife!

If the links matched and you trust the website, then you’re good to go. Otherwise, do not.

BE SKEPTICAL WHAT YOUR FRIENDS POST.

In other words, don’t trust your friends on social media. Yeah, it’s a bit harsh, but hey, it’s better safe than sorry, right? The malicious tagging scam has affected many people because they assume that whatever their friends posted is safe. Hate to break it, but it’s not. So the next time you see that notification that says your friend “tagged you on a comment,” “liked this post,” or “retweeted” a post with a link, it’s best to just ignore it.

SET TAG TO REVIEW FIRST.

Fortunately, Facebook lets you control what tagged posts you want to sho on your profile. This will allow you to stop people from tagging you, even if they we are your friends.

Settings & privacy > Profile and tagging > Reviewing > Enable

Once enabled, all tagged posts and photos will be waitlisted here:

facebook-malicious-tagging
Review Tagging First
facebook-tagging
Review tagging enable

Settings & privacy > Activity log > Review posts you’re tagged in

image 5 1
Access via Activity log

SET YOUR ACCOUNT TO PRIVATE.

It’s better this way, trust me. As much as possible, hide your personal information such as birthdate, contact number, address, email address, and heck, even your friend’s lists.

Settings & privacy > Profile and tagging > Set to “Friends”

Ensure to enable “Approve First” from your tagging settings and set it to “Friends Only.” If you have Facebook friends who you don’t know in person, make sure to diligently segregate your Friends and Aquaintances for this option to work. Otherwise, set it to “Only Me.”

privacy-setting-facebook
Profile and tagging setting

Moreover, block unknown users, groups, and pages that you think have malicious intent or activity on the platform.

Settings & privacy > Blocking

If proven, report them. Be wary of who you accept as Facebook friends too. Safety over numbers, yeah?

CHANGE YOUR PASSWORD.

If you fell victim to malicious tagging, change your password ASAP

Make it a habit to change your password every month or two (including all your social media accounts), and enable your 2-factor authentication.

Avoid using common passwords such as 1234 and ADMIN1234. ALSO READHere’s why you NEED to practice Cyber Hygiene

Settings & privacy > Security and login > Two-factor authentication

For additional protection, turn on your “Get alerts about unrecognized logins.” Settings & privacy > Security and login > Setting up extra security

facebook-security-setting
Setting up extra security

DOWNLOAD ANTIVIRUS APPS / SOFTWARE.

Practice cyber hygiene to protect yourself from cybercriminals—download antivirus (such as Avast, Kaspersky, McAfee) on your device with cyber protection features.

HELP REPORT SCAMS.

If you’re unfortunately a victim or knows someone who fell victim to the malicious tagging, report it. Help stop the rapid spread and promptly report the issue.

The Philippine National Police Anti Cybercrime Group (PNP-ACG) warned netizens to be cautious of websites pretending to be legitimate but are actually designed to obtain sensitive information.


Don’t be a victim. Stay safe!