“Is that you” is a phishing scam circulating on Facebook messenger. It has gone through many various forms since at least 2017. The scam begins with a Facebook message sent by one of your friends. The “friend” claims to have found a video or image with you featured in it.

The message appears as a “home” video. When clicked, it will lead you through a chain of websites infected with malicious scripts. These scripts determine your location, the device you are using, and your operating system. They then lead you to a malicious Facebook phishing page to harvest your credentials, and, depending on your device, infect it with adware or other malware.

The website appears to be legitimate. However, a malicious XML file has been injected into its code. Using a legitimate website to host malicious redirect scripts makes the phishing attack more effective as it can be used to bypass Facebook’s blacklists. Facebook has a rigorous system of checks to stop the spread of malware and malicious links but these types of campaigns are sophisticated enough to at least temporarily bypass those measures.

The scam has tricked at least 500,000 victims thus far. 38% of affected users were using an Android 10 operating system and 19% were using Apple iOS 14.3

If you fall victim to this attack:

  1. DO NOT enter your credentials into any unintended websites.
  2. Immediately change your Facebook password.
  3. Immediately change any other passwords on accounts that share the same credentials.
  4. Set up two-factor authentication for Facebook.


Action item: The best way to avoid scams such as this one is to provide regular reminders and test your actions. We recommend you try our one-time phishing test to put your team to the test. https://kybersecure.com/phishing-test/