Close Menu
Technotification
    Facebook X (Twitter) Instagram
    Facebook X (Twitter) Instagram
    Technotification
    • Home
    • News
    • How To
    • Explained
    • Facts
    • Lists
    • Programming
    • Security
    • Gaming
    Technotification
    Home › Security › Facebook users inadvertently hack themselves while trying to hack friends

    Facebook users inadvertently hack themselves while trying to hack friends

    By Vikram Singh RaoFebruary 14, 2019
    Facebook Twitter Reddit LinkedIn
    facebook

    Facebook users in India have been tricked into hacking their own Facebook accounts – while attempting to hack their friends accounts. “What really happens when you paste this code into your browser console window is that a series of actions are performed using your Facebook account without your knowledge.The scam claimed to offer a tool to find out the Facebook passwords of friends, but instead compromised the user’s account by tricking them into using some code that takes control of their account and exposes their friends’ data in the process.”

    Behind the scenes, your account is used to follow lists and users, and give likes to pages in order to inflate the follower and like counts defined by the scammers,” explained Satnam Narang, a security response manager for Symantec in a blog post. ‘Facebook hacking’ The scam employs an instructional video explaining “Facebook Hacking”, which linked to a Google document that contains some code. The code allows users to see friends’ Facebook passwords, according to the scammers, with the instructions attempting to convince users to paste the code into their browser console window – a feature of most browsers that allows developers to inspect and modify elements of a website and how it is presented in the browser.

    The instructions explain that the code will take two hours to work, belaying immediate suspicion when nothing happens to reveal the passwords of their friends. In reality the code performs actions behind the scenes using the would-be hacker’s Facebook account, including following certain users and liking pages. No doubt the scammers are being paid to artificially inflate the follower or like counts of some users and pages. ‘Playing off the curiosity of your friends’ The code also attempts to attract new targets through social engineering on Facebook. “Your account is also used to tag the names of all your friends in the comment section of the original post. This is done to help the scam spread further, playing off the curiosity of your friends, who may visit the post to find out more and hopefully follow the instructions as well,” explains Narang.

    The scam uses a variation of what is called self cross-site scripting (self-XSS), where a user is tricked into entering code into their browser’s console window that performs certain actions on their behalf. ‘Allow my account to be hijacked if I paste malicious JavaScript’ Facebook is aware of the scam and has tried to discourage users from falling for it, employing a warning page that blocks scripted actions with an option to manually “allow my account to be hijacked if I paste malicious JavaScript”. “There is a popular scam going around that claims the user will gain some benefit (illicit access to someone else’s account, some new Facebook feature, etc) by pasting some piece of JavaScript into the browser’s console,” said Facebook on its JavaScript console warning page.

    “The code usually posts the same scam on other people’s walls, and subscribes the user to pages controlled by the attacker – but it could do much worse things. To avoid this, the console is now gently disabled in some browsers,” Facebook continues. ‘If it sounds too good to be true…’ This type of scam is not new, and was first seen circulating around Facebook in 2011. This scam variant was first seen at the beginning of the year, modified from the original code that saw great success with between 50,000 to 100,000 users falling victim. The new scam originates from India, according to Symantec, based by the locations of pages and profiles users are tricked into liking as part of the scam.

    Users who have been affected by the scam should use their activity log on Facebook to track the errant likes and friending, removing those that the scam artificially created and any post that could spread the scam further. “Always remember that if it sounds too good to be true, it is. Being able to hack someone’s Facebook password by just pasting some code into your browser sounds way too easy and should signal that this is a scam,” concludes Narang.

    ALSO read: Password secrets you must aware
    Share. Facebook Twitter LinkedIn Tumblr Reddit Telegram WhatsApp
    Vikram Singh Rao
    • Website
    • Facebook
    • X (Twitter)
    • LinkedIn

    I am an entrepreneur at heart who has made his hobby turned a passion, his profession now.

    Related Posts

    The Psychology of a Phishing Email: How Scammers Play with Your Mind

    July 16, 2024

    9 Essential Elements of a Strong Cyber Security Management System

    July 3, 2024

    Common Cyber Attacks and How to Prevent Them

    July 3, 2024

    How Cyber Security Paid Training Prepares You for Real-World Threats

    June 13, 2024

    The Role of Security in Server Colocation Environments

    March 12, 2024

    Navigating the Waters: Best Practices for Phishing Testing in 2024

    February 19, 2024
    Lists You May Like

    10 Sites to Watch Free Korean Drama [2025 Edition]

    January 2, 2025

    10 Best RARBG Alternative Sites in April 2025 [Working Links]

    April 1, 2025

    The Pirate Bay Proxy List in 2025 [Updated List]

    January 2, 2025

    10 Best Torrent Search Engine Sites (2025 Edition)

    February 12, 2025

    10 Best GTA V Roleplay Servers in 2025 (Updated List)

    January 6, 2025

    5 Best Torrent Sites for Software in 2025

    January 2, 2025

    1337x Alternatives, Proxies, and Mirror Sites in 2025

    January 2, 2025

    10 Best Torrent Sites for eBooks in 2025 [Working]

    January 2, 2025

    10 Best Anime Torrent Sites in 2025 [Working Sites]

    January 6, 2025

    Top Free Photo Editing Software For PC in 2025

    January 2, 2025
    Pages
    • About
    • Contact
    • Privacy
    • Careers
    Privacy

    Information such as the type of browser being used, its operating system, and your IP address is gathered in order to enhance your online experience.

    © 2013 - 2025 Technotification | All rights reserved.

    Type above and press Enter to search. Press Esc to cancel.