Facebook users who try to hack others’ accounts are in for a surprise as a new scam is out to trick them into revealing their own passwords.
Facebook users who try to hack others' accounts are in for a surprise as a new scam is out to trick them into revealing their own passwords.
The new scam says that it will allow users to hack the Facebook accounts of others in three simple steps. Usually appearing on the Timeline of the friends of victims, it says that they only need to open Facebook in a web browser such as Google Chrome and Mozilla Firefox and open the profile of the person they intend to hack. Then they need to right-click the mouse and select 'Inspect Element', which opens the HTML editor of the web page.
Users then need to type a specific code into the HTML editor in order to hack the profile. However, after the string of code has been typed, the users themselves are hacked and their Facebook account password is disclosed to the scammers. So much for hacking someone else's account.
The scammers can now access all of the users' data, including photos and messages, and can post about the scam on their Wall, thereby luring more potential victims.
This scam makes use of the Self-XSS (cross-site scripting), which is a vulnerability with web browsers, not Facebook. In fact, Self-XSS is among the social networking titan's list of security threats. However, there is no security patch released by the company to fix this at its own end, just a warning to not post such codes into the HTML editor.
The new scam says that it will allow users to hack the Facebook accounts of others in three simple steps. Usually appearing on the Timeline of the friends of victims, it says that they only need to open Facebook in a web browser such as Google Chrome and Mozilla Firefox and open the profile of the person they intend to hack. Then they need to right-click the mouse and select 'Inspect Element', which opens the HTML editor of the web page.
Users then need to type a specific code into the HTML editor in order to hack the profile. However, after the string of code has been typed, the users themselves are hacked and their Facebook account password is disclosed to the scammers. So much for hacking someone else's account.
The scammers can now access all of the users' data, including photos and messages, and can post about the scam on their Wall, thereby luring more potential victims.
This scam makes use of the Self-XSS (cross-site scripting), which is a vulnerability with web browsers, not Facebook. In fact, Self-XSS is among the social networking titan's list of security threats. However, there is no security patch released by the company to fix this at its own end, just a warning to not post such codes into the HTML editor.
No comments:
Post a Comment