Hack Your Facebook Friends? More Like Hack Yourself.
What if you could hack your friend’s Facebook account simply by copying and pasting a piece of code into your web-browser’s console?
A recent Facebook scam promises just that.
Hack Any Friend’s Facebook Scam
False promises on Facebook: it’s a recurring theme adopted by spammers. This time, it’s a Facebook post that begins as follows:
UPDATE LINK FOR FACEBOOK HACKING
F.A.C.B.O.O.K —-H.A.C.K.I.N.G(ONLY FOR EDUCATION PURPOSES)
The content of the post includes a link to a Google document and written instructions on how to hack your friend’s Facebook account, as well as an instructional video. The instructions tell you to go to the Google document, copy its contents, paste those contents into your web browser’s console (found by hitting F12), hit enter, and wait 2 hours for the hack to kick in.
Users who follow these instructions will in reality hack their OWN account.
Self Cross-Site Scripting Hack
The copy-paste technique used in this scam is called Self Cross-Site Scripting, or Self XSS. Self XSS is about as simple as it gets: Attackers generate malicious code and then try to convince their victims to paste that code into their web console and execute it. This type of attack hinges on social engineering – like dangling the promise of being able to hack any friend’s account – and it has actually been around for quite some time. Reports indicate that this latest campaign has been active since early 2014 and that it has already generated as many as 100,000 fraudulent Likes.
Such success has indeed been noticed by Facebook and prompted the social media giant to issue a warning regarding this type of attack, which includes the option to enable or disable the web console while on Facebook: https://www.facebook.com/selfxss.
Protect Yourself (from Yourself) with Surf Protection Technology
If you think you have fallen victim to the Hack Your Friend’s Facebook scam, you should review your Facebook activity log to see if your account has been used to generate fraudulent Likes: https://www.facebook.com/help/www/289066827791446. If it has, you can always Unlike them.
It’s also good practice to exercise caution when encountering any Internet offer dangling a virtual carrot just out of reach. Scams like these happen almost every single day, and are most often initiated through large social media networks where they can achieve the most exposure.
If you’d rather not have to worry about things every time you log on to your favorite social site to view pictures of your family and friends, we’d also suggest utilizing Emsisoft Anti-Malware’s Surf Protection Technology. It’s designed to prevent you from visiting malicious websites that contain copy-paste code used in Self XSS attacks. That way, you can protect yourself from yourself (and from malware too).
Have a Great (Malware-Free) Day!
Warning: Don’t Get Vished