Facebook Messenger users are being warned not to open messages starting with four specific words following reports of an increase in their appearance.
Millions of people across the globe use Facebook's messaging system to keep in touch with friends and family, but recently a scam on the app has been luring people in with its intriguing opening words.
The messages appear to come from friends on Facebook, but are actually created by scammers using accounts which have previously been compromised by either the same messaging scam or a different one.
It's not unusual for friends to send links to funny videos or memes to one another using messaging apps, and this scam relies on the reader's intrigue as it opens with the words "look what I found," usually followed by one or multiple emojis.
We've all received similar messages in the past, with the links often leading to an embarrassing old photo or relatable viral video, but the link in this scam takes the user to a malicious webpage which requests they enter their Facebook log-in details.
In doing so, the scammer may either gain access to sensitive information about the recipient of the message or be able to install malware on their device.
The scam has actually been doing the rounds for a number of years, but cases appear to have risen recently as a number of people have been targeted.
Leslie Sikos, a cyber security expert from Edith Cowan University, told 7NEWS messages coming from a Facebook friend are "much more likely result in clicks than messages sent by strangers, because people might only or primarily focus on the sender's name at first rather than the message content, regardless whether that has red flags."
The expert continued: "There are many scams of this sort, meaning that there is no single appearance or behaviour users could learn to avoid.
"Note that if someone is tricked by a message and they click a scam's link, they still might not be victims in the end if they can realise it's a scam by keeping an eye on the website loading process, which would reveal the redirection to a malicious website."
In a bid to help people protect themselves from scams, Sikos has encouraged people to look out for greetings or signatures that do not match the typical style of the alleged sender, as well as bad grammar, typos and a "gibberish, obviously machine-generated and fake domain name that, when clicked, would actually redirect you to another domain."
The message coming from someone you would not typically chat to or being sent at a strange hour of the day are also indications of a scam.