Active Members akkiliON Posted July 29, 2014 Active Members Report Posted July 29, 2014 (edited) Scammers have again targeted more than one billion active users of the popular social networking giant Facebook, to infect as many victims as possible.Not by serving fake post, neither by providing malicious video link, instead this time scammers have used a new way of tricking Facebook users into injecting or placing malicious JavaScript or client-side code into their web browsers.This malicious code could allow an attacker to gain access to victims’ accounts, thereby using it for fraud, to send spams, and promoting further attacks by posting the scam on timeline to victims’ friends. This technique is known as Self Cross-site Scripting or Self XSS.Self-XSS (Self Cross-Site Scripting) scam is a combination of social engineering and a browser vulnerability, basically designed to trick Facebook users’ into providing access to their account. Once an attacker or scammer gets access to users’ Facebook account, they can even post and comment on things on users’ behalf.In order to infect Facebook user, the cyber crooks send a phishing message via an email or a Facebook post from one of the friends in the list of the targeted victim claiming, in this case, a way to hack any Facebook user by following some simple steps.The posted scam looks as follows:Hack any Facebook account following these steps: Go to the victim’s profile Click right click then click on inspect element and click the “Console” tab. Paste the code into the box at the bottom and press Enter.The code is in the web site: http://textuploader .com****/Good luck: *Don’t hurt anybody…[*]Once you self inject this malicious script to your account, it will give away the access of your whole account to the one who could do a variety of malicious activities, basically spreading all sorts of malicious campaigns. The hackers can also infect victim’s computer with malware that can collect banking details and send them to a remote location controlled by them.Facebook has also listed the scam on the list of threats its users have been observed to fall victim to. “Scammers who use Self-XSS usually trick you by promising to help you hack somebody else's account,” reads the post. “The scammer's goal is to get you to run their malicious code on your computer. When you run their code, you grant the scammer access to your account for fraud, spam, and tricking more people into running the scam.”Spotting these scams and reporting them are the best way to protect yourself, but if you fall victim to one of these attacks, don't panic! Follow the link to learn more about protecting your Facebook account.Facebook is also working with various browser vendors to add protection in the browser in an effort to prevent this vector from being exploited.Facebook Self-XSS Scam Fools Users into Hacking ThemselvesMe when I saw this: http://media-cache-ec0.pinimg.com/736x/a9/75/fd/a975fd06905ccf698c5bc7e8db7ff8f6.jpg Edited July 29, 2014 by akkiliON Quote
eusimplu Posted July 29, 2014 Report Posted July 29, 2014 Din cate stiu eu facebook te avertizeaza in consola: Quote
Active Members dancezar Posted July 29, 2014 Active Members Report Posted July 29, 2014 Daca dai inspect element pe facebook.com si dai la consola se v-a vedea asta: .d8888b. 888 888 d88P Y88b 888 888 Y88b. 888 888 This is a browser feature intended for "Y888b. 888888 .d88b. 88888b. 888 developers. If someone told you to copy-paste "Y88b. 888 d88""88b 888 "88b 888 something here to enable a Facebook feature "888 888 888 888 888 888 Y8P or "hack" someone's account, it is a Y88b d88P Y88b. Y88..88P 888 d88P scam and will give them access to your "Y8888P" "Y888 "Y88P" 88888P" 888 Facebook account. 888 888 888 For more information, see https://www.facebook.com/selfxss."Deci sunt avertizati.//scuze cred ca am postat in acelasi timp Quote