{"id":7564,"date":"2014-05-13T06:30:26","date_gmt":"2014-05-13T10:30:26","guid":{"rendered":"http:\/\/thundercloud.net\/infoave\/new\/?p=7564"},"modified":"2014-05-13T07:09:41","modified_gmt":"2014-05-13T11:09:41","slug":"hack-any-friends-facebook-account-scam","status":"publish","type":"post","link":"https:\/\/www.thundercloud.net\/infoave\/new\/hack-any-friends-facebook-account-scam\/","title":{"rendered":"Hack Any Friend’s Facebook Account Scam"},"content":{"rendered":"
\n

Hack Any Friend\u2019s Facebook Scam<\/h3>\n

False promises on Facebook: it\u2019s a recurring theme adopted by spammers. This time, it\u2019s a Facebook post that begins as follows:<\/p>\n<\/blockquote>\n

UPDATE LINK FOR FACEBOOK HACKING
\nF.A.C.B.O.O.K \u2014-H.A.C.K.I.N.G(ONLY FOR EDUCATION PURPOSES)<\/p><\/blockquote>\n

\n

The content of the post includes a link to a Google document and written instructions on how to hack your friend\u2019s Facebook account, as well as an instructional video. The instructions tell you to go to the Google document, copy its contents, paste those contents into your web browser\u2019s console (found by hitting F12), hit enter, and wait 2 hours for the hack to kick in.<\/p>\n

Users who follow these instructions will in reality hack their OWN account.<\/p>\n

Self Cross-Site Scripting Hack<\/h3>\n

Rather than a magical code to hack your friend\u2019s Facebook account, the contents of the Google Doc are actually a malicious JavaScript code that hijacks your account for spamming. While you sit and wait the prescribed 2 hours for the hack to kick in, your Facebook account is used to generate Likes on pages owned by the attackers. Furthermore, the code tells your account to tag all of your friends in its original post so that they can be lured to it too.<\/p>\n

The copy-paste technique used in this scam is called Self Cross-Site Scripting, or Self XSS. Self XSS is about as simple as it gets: Attackers generate malicious code and then try to convince their victims to paste that code into their web console and execute it. This type of attack hinges on social engineering \u2013 like dangling the promise of being able to hack any friend\u2019s account \u2013 and it has actually been around for quite some time. Reports indicate that this latest campaign has been active since early 2014 and that it has already generated as many as 100,000 fraudulent Likes.<\/p>\n

Such success has indeed been noticed by Facebook and prompted the social media giant to issue a warning regarding this type of attack, which includes the option to enable or disable the web console while on Facebook:\u00a0https:\/\/www.facebook.com\/selfxss<\/a>.<\/p>\n

The warning jests at enabling the web console by stating \u201cAllow my account to be hijacked if I paste malicious JavaScript\u201d next to the setting\u2019s check box. More importantly, the warning also points out that a Self XSS can be used to do much worse than generate Like spam. Beyond Facebook accounts, Self XSS hacks are used to execute a wide variety of malware, to commit all types of cybercrime.<\/p>\n

Protect Yourself (from Yourself) with Surf Protection Technology<\/h3>\n

If you think you have fallen victim to the Hack Your Friend\u2019s Facebook scam, you should review your Facebook activity log to see if your account has been used to generate fraudulent Likes:\u00a0https:\/\/www.facebook.com\/help\/www\/289066827791446<\/a>. If it has, you can always Unlike them.<\/p>\n<\/blockquote>\n

SOURCE: EMSISOFT BLOG<\/a><\/strong><\/em><\/span><\/h4>\n

You can save $10 on Emsisoft Anti-Malware \/ Antivirus and Surf Protection by purchasing it from Cloudeight.<\/a><\/strong><\/span><\/em><\/h4>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

Hack Any Friend\u2019s Facebook Scam False promises on Facebook: it\u2019s a recurring theme adopted by spammers. This time, it\u2019s a Facebook post that begins as follows: UPDATE LINK FOR FACEBOOK HACKING F.A.C.B.O.O.K \u2014-H.A.C.K.I.N.G(ONLY FOR EDUCATION PURPOSES) The content of the post includes a link to a Google document and written instructions on how to hack your friend\u2019s Facebook\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1669,1,1426],"tags":[],"_links":{"self":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/7564"}],"collection":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/comments?post=7564"}],"version-history":[{"count":2,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/7564\/revisions"}],"predecessor-version":[{"id":7569,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/7564\/revisions\/7569"}],"wp:attachment":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media?parent=7564"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/categories?post=7564"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/tags?post=7564"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}