Is a friend asking you to vote for them on Facebook? It’s a scam that starts a chain reaction. Many people have already fallen victim.
Swiss authorities are warning of phishing campaigns turning into a “chain reaction” on Facebook, Instagram, X, and Snapchat. Cybercriminals compromise accounts and ask “friends to vote for them,” which leads to more compromised accounts.
In the recent campaign, social media users received messages from scammers posing as people they knew. They claimed to be taking part in a fashion or style contest and asked people to vote for them, according to the report by the Swiss National Cyber Security Centre (NCSC).
However, the provided link led to a fake, malicious website mimicking a legitimate voting platform.
“Believing the request was coming from a friend, the victims clicked the provided link without hesitation,” NCSC said.
“To cast your vote, you’re asked to log in using your Instagram, Facebook, or email account.”
This way, scammers steal login credentials and gain access to social media accounts, which helps them further advance the scam. Hijacked accounts are used to post scam ads, spread false information about people or companies, and even blackmail victims. Hackers try to exploit trust between friends and might ask to borrow money.
“This can start a chain reaction where many people fall for the scam,” NCSC warns.
”In recent weeks, we have received reports of scammers exploiting social media accounts, moving from one to the next.”
The fraudulent voting platforms are designed to see the names of friends or other people who have already received votes. The scammers abuse a sneaky trick: when trying to log in to cast a vote, users receive a message that the password is always incorrect. This way, they try to collect as many passwords as possible to later try to gain access to accounts on many other platforms.
Previously, chain phishing campaigns were also aimed at Microsoft 365 accounts in businesses.
The authority recommends never entering passwords, credit card details, and other personal information on websites accessed through a link in a text message or an email. Always double-check that you are on the correct and reputable website.
“If you're not sure that a message is really from who it says it is, contact them to check,” NCSC said.
Change compromised passwords immediately on all services where they might be used. Use strong and separate passwords for each service and enable multi-factor authentication where possible.
Fraud attempts, spam, and phishing are by far the most common cyber incidents reported in Switzerland.
Your email address will not be published. Required fields are markedmarked