Late last week, Facebook users in India were tricked by scammers who claimed to offer a tool that could hack Facebook in order to obtain passwords belonging to users' friends. Unfortunately for these users, they actually ended up hacking their own accounts for the scammers and exposed their friends in the process.
Figure 1. Scam promoting how to hack your Facebook friends
Want to hack your friends?
A post began circulating on Facebook from a particular page featuring a video with instructions on “Facebook Hacking” with a disclaimer stating that it was for education purposes only. The post links to a document hosted on Google Drive that contains some code that, according to the scam, will allow users to reveal their friends’ Facebook passwords. The instructions attempt to convince the user to paste the code into their browser console window and ask them to wait two hours before the hack will supposedly work.
You just hacked yourself
Figure 2. Facebook account hijacked to follow and like various pages
What really happens when you paste this code into your browser console window is that a series of actions are performed using your Facebook account without your knowledge. Behind the scenes, your account is used to follow lists and users, and give likes to pages in order to inflate the follower and like counts defined by the scammers.
Figure 3. What does the Fox say? I have over 56,000 likes!
Your account is also used to tag the names of all your friends in the comment section of the original post. This is done to help the scam spread further, playing off the curiosity of your friends, who may visit the post to find out more and hopefully follow the instructions as well.
Figure 4. User’s compromised account tags friends in the original scam post
What is this type of scam called?
This scam is a variation of a method known as self-XSS (self cross-site scripting), where a user is tricked into copying and pasting code into their browser’s console that will perform various actions on their behalf. Facebook is trying to discourage users from unwittingly causing harm to their accounts through this method. Some users who attempt to paste code may receive a warning from within their browser’s developer console that points to the following link:
https://www.facebook.com/selfxss
Is this type of scam new?
This type of scam originally began circulating back in 2011. This current iteration has been around since at least the beginning of 2014.
The original scammers behind this iteration had great success with the scam at the beginning of this year, netting between 50,000 and 100,000 likes and followers on a number of pages and profiles. Some of the variable names in the code (mesaj and arkadaslar) suggest the authors are of Turkish descent.
Why is this affecting users in India?
For this campaign, the individuals responsible are based in India. They have modified the original authors’ code by simply adding their own pages and profiles into the script to increase their follower and like counts.
What to do if you have fallen for this scam?
If your account has liked and followed a number of pages and profiles without your consent, you should review your activity log. From your activity log, you can locate, unlike and unfollow the pages and profiles associated with this scam. You should also consider posting a status update notifying your friends about the scam to make sure they don’t fall for the same trick.
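The review described above can be partly automated. The following is an added example, not part of the original article and not Facebook tooling: it scans an activity log for runs of likes, follows and comments that happen faster than a person could click, and turns them into a cleanup list. The log format, field names and sample entries are constructed assumptions.

```javascript
// Constructed sample of an exported activity log. The field names (time,
// action, target) are assumptions for this example, not Facebook's format.
const sampleLog = [
  { time: "2014-07-20T09:15:02Z", action: "like",    target: "Local Bakery" },
  { time: "2014-07-24T18:40:00Z", action: "like",    target: "Example Page A" },
  { time: "2014-07-24T18:40:01Z", action: "follow",  target: "Example Profile B" },
  { time: "2014-07-24T18:40:01Z", action: "follow",  target: "Example List C" },
  { time: "2014-07-24T18:40:03Z", action: "like",    target: "Example Page D" },
  { time: "2014-07-24T18:40:04Z", action: "comment", target: "Original scam post" },
  { time: "2014-07-26T12:05:30Z", action: "like",    target: "Friend's photo" },
];

// Actions the article says the pasted script performs on the user's behalf.
const SCRIPTED_ACTIONS = new Set(["like", "follow", "comment"]);

// Group events into bursts: runs in which each action follows the previous
// one within maxGapMs. A run of minActions or more is treated as scripted.
function findScriptedBursts(log, { maxGapMs = 5000, minActions = 4 } = {}) {
  const events = log
    .filter((e) => SCRIPTED_ACTIONS.has(e.action))
    .map((e) => ({ ...e, ts: Date.parse(e.time) }))
    .filter((e) => !Number.isNaN(e.ts)) // skip entries with unparsable times
    .sort((a, b) => a.ts - b.ts);

  const bursts = [];
  let current = [];
  for (const e of events) {
    if (current.length && e.ts - current[current.length - 1].ts > maxGapMs) {
      if (current.length >= minActions) bursts.push(current);
      current = [];
    }
    current.push(e);
  }
  if (current.length >= minActions) bursts.push(current);
  return bursts;
}

// Turn the flagged bursts into the manual cleanup steps the article recommends.
function cleanupList(bursts) {
  const undo = { like: "unlike", follow: "unfollow", comment: "delete comment on" };
  return bursts.flat().map((e) => `${undo[e.action]}: ${e.target}`);
}

console.log(cleanupList(findScriptedBursts(sampleLog)));
```

Isolated likes days apart are left alone; only the five actions within a few seconds of each other are flagged for review.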
The opposite of ethical
Figure 5. Scammers label their efforts as “ethical hacking”
While investigating this scam, we found that the individuals behind it were publicly discussing their efforts. Speaking in Punjabi, one of the individuals summed it up by saying, “Now this is the way ethical hacking is happening.” However, these efforts couldn’t be further from the concept of ethical hacking.
A lesson learned
Always remember that if it sounds too good to be true, it is. Being able to hack someone’s Facebook password by just pasting some code into your browser sounds way too easy and should signal that this is a scam. At the end of the day, your account would be impacted and the safety of your account could be at risk. It’s best to err on the side of caution and think twice before following instructions that ask you to paste code into your browser to hack passwords or unlock features on a website.







