akkiliON

Facebook Self-XSS Scam Fools Users into Hacking Themselves


Scammers have again targeted more than one billion active users of the popular social networking giant Facebook, to infect as many victims as possible.

Not by serving a fake post, nor by providing a malicious video link; instead, this time scammers have used a new way of tricking Facebook users into injecting or placing malicious JavaScript or client-side code into their web browsers.

This malicious code could allow an attacker to gain access to victims’ accounts, thereby using them for fraud, to send spam, and to promote further attacks by posting the scam on the timeline to victims’ friends. This technique is known as Self Cross-Site Scripting or Self-XSS.

The Self-XSS (Self Cross-Site Scripting) scam is a combination of social engineering and a browser vulnerability, basically designed to trick Facebook users into providing access to their accounts. Once an attacker or scammer gets access to a user’s Facebook account, they can even post and comment on things on the user’s behalf.

In order to infect a Facebook user, the cyber crooks send a phishing message via an email or a Facebook post from one of the friends in the targeted victim’s friend list, claiming, in this case, to offer a way to hack any Facebook user by following some simple steps.

The posted scam looks as follows:

  • Hack any Facebook account following these steps:
    1. Go to the victim’s profile
    2. Click right click then click on inspect element and click the “Console” tab.
    3. Paste the code into the box at the bottom and press Enter.

    The code is in the web site: http://textuploader .com****/

    Good luck: *

    Don’t hurt anybody…


Once you self-inject this malicious script into your account, it gives away access to your whole account to someone who could carry out a variety of malicious activities, basically spreading all sorts of malicious campaigns. The hackers can also infect the victim’s computer with malware that can collect banking details and send them to a remote location controlled by them.

Facebook has also listed the scam on the list of threats its users have been observed to fall victim to. “Scammers who use Self-XSS usually trick you by promising to help you hack somebody else's account,” reads the post. “The scammer's goal is to get you to run their malicious code on your computer. When you run their code, you grant the scammer access to your account for fraud, spam, and tricking more people into running the scam.”

Spotting these scams and reporting them are the best way to protect yourself, but if you fall victim to one of these attacks, don't panic! Follow the link to learn more about protecting your Facebook account.

Facebook is also working with various browser vendors to add protection in the browser in an effort to prevent this vector from being exploited.

Facebook Self-XSS Scam Fools Users into Hacking Themselves

Me when I saw this: http://media-cache-ec0.pinimg.com/736x/a9/75/fd/a975fd06905ccf698c5bc7e8db7ff8f6.jpg

Edited by akkiliON
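An added example, not part of the original post and not Facebook's code: a heuristic filter that a forum or messaging moderator could run to flag text matching the lure quoted in the post above. The rule ids, weights, threshold, trusted-host list and the `paste.example` host are assumptions made for illustration.

```javascript
// Added example: heuristic scorer for self-XSS lure text (not Facebook's code).
// Rule ids, weights, THRESHOLD and TRUSTED_HOSTS are assumptions for illustration.
const TRUSTED_HOSTS = new Set(["facebook.com", "www.facebook.com"]);
const THRESHOLD = 6;

const RULES = [
  { id: "hack-promise", weight: 2, re: /\bhack\b[^.\n]{0,40}\b(account|profile|password)\b/i },
  { id: "open-devtools", weight: 3, re: /\b(inspect element|developer tools|devtools|F12)\b/i },
  { id: "console-tab", weight: 2, re: /\bconsole\b/i },
  { id: "paste-code", weight: 3, re: /\b(paste|copy)\b[^.\n]{0,60}\b(code|script)\b/i },
];

// Extract hostnames from http(s) links, tolerating the "host .com" spacing
// that lure posts use to slip past link filters.
function extractHosts(text) {
  const hosts = [];
  const re = /https?:\/\/([a-z0-9-]+(?:\s?\.[a-z0-9-]+)+)/gi;
  for (const m of text.matchAll(re)) {
    hosts.push(m[1].replace(/\s/g, "").toLowerCase());
  }
  return hosts;
}

// Sum the weights of matching rules; an off-site link adds 2 more.
function scoreMessage(text) {
  const matched = RULES.filter((r) => r.re.test(text));
  const hits = matched.map((r) => r.id);
  let score = matched.reduce((sum, r) => sum + r.weight, 0);
  const offsite = extractHosts(text).filter((h) => !TRUSTED_HOSTS.has(h));
  if (offsite.length > 0) {
    hits.push("offsite-link");
    score += 2;
  }
  return { score, hits, offsite, flagged: score >= THRESHOLD };
}

// Constructed sample modelled on the lure in the post; the host is a placeholder.
const LURE = [
  "Hack any Facebook account following these steps:",
  "1. Go to the victim's profile",
  '2. Right click, then click on inspect element and click the "Console" tab.',
  "3. Paste the code into the box at the bottom and press Enter.",
  "The code is in the web site: http://paste .example/abc",
].join("\n");

// Constructed benign message: mentions devtools but gives no paste instruction.
const BENIGN = "Open devtools and check the console for the error on https://www.facebook.com/help";

console.log(scoreMessage(LURE), scoreMessage(BENIGN));
```

The threshold sits above the score of an ordinary developer message that mentions devtools and the console, so only text that also tells the reader to paste code or points off-site is flagged.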

If you do inspect element on facebook.com and go to the console, you will see this:


"Stop!

This is a browser feature intended for developers. If someone told you to copy-paste something here to enable a Facebook feature or "hack" someone's account, it is a scam and will give them access to your Facebook account.

For more information, see https://www.facebook.com/selfxss."

So they have been warned.

//sorry, I think we posted at the same time
