Quick heads up—if you start getting Facebook messages like the one below, your friend’s account has been hacked as part of a doggedly persistent phishing scam.

You may have encountered similar weirdness toward the end of 2013; the scheme even made the leap to Tumblr at one point. (A previous incarnation plagued Twitter DMs in 2012.) 


via scamk.com

There has been some variation in the suspicious claims of a home fire, but typically, users are prompted to click a link to video of the alleged destruction that instead brings them to a bogus login page for that particular social network. If they enter their username and password, they’re directed to download a “YouTube Player,” Hoax-Slayer explained in December:   

However, downloading the supposed YouTube update will install a trojan on the user's computer. Typically, such trojans can harvest information from the compromised computer and allow criminals to control the computer remotely.

Meanwhile, the scammers can use the information stolen via the fake Facebook login page to hijack genuine Facebook accounts. Once in the compromised accounts, the scammers can lock out the rightful owners and use the accounts to send out more of the same "My home is burning" scam messages. Thus, the cycle continues.

So, you know, watch out for that. And if your house really catches fire, call 911 before telling your Facebook pals. Also, if you’re the type to click through for live, streaming video of a good friend’s house burning to the ground, you maybe deserve to get hacked? Just saying!

Photo by Ada Be/Flickr (CC BY 2.0)