If you're on Facebook, Twitter or any other social media where people post links and videos (for that matter, if you so much as have an email account), beware: a new scam uses morbid curiosity about the missing Malaysia Airlines flight to trick people into clicking links that will install various forms of malware onto their computers.
The Better Business Bureau issued a warning about this particularly nasty April Fool, urging everyone “Don't fall for click bait teasers promoting exclusive footage of found passengers. It sounds like a sick April Fool's joke, but it's a real scam.”
The way it works is, you see an attention grabbing post, comment or message urging you to watch a "Video of Malaysia MH370 Plane Found in Bermuda Triangle. Passengers alive," or telling you that "[NEWS FLASH] Missing Plane Has Been Found!"
What happens next? You click on the link but, instead of a news site, you're taken to a third-party website, possibly with a pop-up urging you to update your video player. But if you click on the link, instead of a new video player you install malware on your computer instead.
Depending on just what sort of malware you're downloading – the BBB didn't say, and you do not want to make the discovery yourself – your machine might be infected with anything from pornographic popups making your computer well-nigh unusable, to keylogging software that records (and informs the scammers) of every keystroke you type—including any passwords or other confidential information.
How can you protect yourself from malware link scams? If you ignore or temporarily forget the rule “Never click on unfamiliar links,” the Better Business Bureau offers five additional tips to help protect you:
Don't take the bait. Stay away from promotions of "exclusive," "shocking" or "sensational" footage. If it sounds too outlandish (Bermuda Triangle, really?) to be true, it is probably a scam.
Hover over a link to see its true destination. Before you click, mouse over the link to see where it will take you. Don't click on links leading to unfamiliar websites.
Don't trust your friends' taste online. It might not actually be them "liking" or sharing scam links to photos. Their account may have been hacked. But it may also be clickjacking, a technique that scammers use to trick you into clicking something that you wouldn't otherwise (especially the Facebook "Like" button).
On Facebook, report scam posts and other suspicious activity by following these instructions.
On Twitter, if another user is sending you links to malware or other spam, report it to Twitter by following these instructions.