2014-09-14

Facebook users who try to hack others’ accounts are in for a surprise as a new scam is out to trick them into revealing their own passwords.

A post began circulating on Facebook from a particular page featuring a video with instructions on “Facebook Hacking” with a disclaimer stating that it was for educational purposes only.

Is the scam new?

This scam is a variation of a method known as self-XSS (self cross-site scripting), where a user is tricked into copying and pasting code into their browser’s console that will perform various actions on their behalf.

This type of scam originally began circulating back in 2011. This current iteration has been around since at least the beginning of 2014.

The original scammers behind this iteration had great success with the scam at the beginning of this year, netting between 50,000 and 100,000 likes and followers on a number of pages and profiles.

Some of the variable names in the code (mesaj and arkadaslar) suggest the authors are of Turkish descent.

How the Scam Works

The scam employs an instructional video explaining “Facebook hacking”, which links to a Google document that contains some code.

The new scam says that it will allow users to hack the Facebook accounts of others in three simple steps:

1. The post, which usually appears on the Timelines of victims’ friends, says that users only need to open Facebook in a web browser such as Google Chrome or Mozilla Firefox and open the profile of the person they intend to hack.

2. Then they need to right-click the mouse and select ‘Inspect Element’, which opens the HTML editor of the web page.

3. Users then need to type a specific code into the HTML editor in order to hack the profile.

However, after the string of code has been typed, the users themselves are hacked and their Facebook account password is disclosed to the scammers. So much for hacking someone else’s account!

In reality the code performs actions behind the scenes using the would-be hacker’s Facebook account, including following certain users and liking pages. No doubt the scammers are being paid to artificially inflate the follower or like counts of some users and pages.
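
A defender's view of the behaviour described above, as an added example that is not part of the original article: a sliding-window check over a constructed action log that flags accounts performing a burst of follow and like actions faster than a person plausibly would. The log format, action names and thresholds are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds (not from the article): a person rarely performs this
# many follow/like actions in so short a time; pasted script code does.
WINDOW = timedelta(seconds=10)
THRESHOLD = 5
WATCHED = {"follow", "like_page"}  # hypothetical action names

# Constructed sample log, sorted by time: "timestamp account action target"
SAMPLE_LOG = """\
2014-09-14T10:00:00 alice like_page page_17
2014-09-14T10:03:12 alice follow user_203
2014-09-14T10:05:00 bob follow user_901
2014-09-14T10:05:01 bob follow user_902
2014-09-14T10:05:01 bob like_page page_55
2014-09-14T10:05:02 bob like_page page_56
2014-09-14T10:05:02 bob follow user_903
2014-09-14T10:05:03 bob like_page page_57
2014-09-14T10:20:00 bob post_status -
"""

def parse(line):
    ts, account, action, target = line.split()
    return datetime.fromisoformat(ts), account, action, target

def find_bursts(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {account: (burst_start, peak_count)} for accounts whose
    follow/like actions reach `threshold` inside one sliding `window`."""
    recent = defaultdict(deque)  # account -> timestamps still in the window
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, account, action, _ = parse(line)
        if action not in WATCHED:
            continue
        q = recent[account]
        q.append(ts)
        while ts - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            start, peak = flagged.get(account, (q[0], 0))
            flagged[account] = (start, max(peak, len(q)))
    return flagged

if __name__ == "__main__":
    for account, (start, count) in find_bursts(SAMPLE_LOG).items():
        print(f"{account}: {count} follow/like actions in a burst starting {start}")
```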

http://tinyurl.com/timesofindia-tricking-reveal-t

Keep Safe

Facebook is committed to bringing you a safe experience on the Internet as they announce several new features to help protect you while online:

Due to a partnership with “Web of Trust”, users can have access to safe surfing tools free of charge, which tell you which websites you can trust based on the ratings supplied by other Web of Trust community members.

Facebook has built defenses to detect clickjacking of the Facebook Like button and to block links to known clickjacking pages.

For Self-XSS Protection, when our systems detect that someone has pasted malicious code into the address bar, Facebook will show a challenge to confirm that the person meant to do this as well as provide information on why it’s a bad idea.

Finally, Facebook’s newest advanced security feature, Login Approvals, is now available to everyone who uses Facebook. It requires users logging in to Facebook from a new or unrecognized device to also enter a code that Facebook sends to their mobile phone via text message.

http://tinyurl.com/facebook-keeping-scams-spam

A lesson learnt

Being able to hack someone’s Facebook password by just pasting some code into your browser sounds way too easy and should signal that this is a scam.

At the end of the day, your account would be impacted and the safety of your account could be at risk.

It’s best to err on the side of caution and think twice before following instructions that ask you to paste code into your browser to hack passwords or unlock features on a website.

- Kelvin Davis is the director of Greymouse, a cloud 24/7 outsourcing provider, with offices in Fiji and the Philippines. Insider business news is now available at www.greymousefiji.com/fijisun. Just visit the site and sign up for your free news subscription.
