Self-XSS Facebook scam attempts to trick users into hacking themselves
Posted by: Jon Ben-Mayor on 07/29/2014 08:20 AM
Another day, another Facebook scam, this time with a twist: you hack your own account via a nasty little trick called Self-XSS. Facebook explains that Self-XSS is a cross-site scripting scam designed to trick you into giving away access to your Facebook account. If a scammer gets access to your account, they can post and comment on things on your behalf.
Scammers who use Self-XSS usually trick you by promising to help you hack somebody else's account.
The scammer's goal is to get you to run their malicious code on your computer. When you run their code, you grant the scammer access to your account for fraud, spam, and tricking more people into running the scam.
According to Tom's Guide, the scam appears as either an email or a Facebook post on your Timeline purportedly from a friend of the victim. "Hack any Facebook account following three steps," the scam promises. It then instructs readers to open Facebook in a web browser and go to the Facebook page of the person they want to hack.
In this editor, the scam instructs readers to copy-paste a string of code. But, unsurprisingly, the code does not do what the scammers claim it does. Rather, this code grants the scammers access to your own account.
To avoid Self-XSS attacks, never copy and paste suspicious links.