Facebook Scammers Trick Users Into Hacking Themselves

In a move that was bound to happen at some point, those who make a habit of scamming other people on Facebook have now tricked users into hacking themselves.

This is, no doubt, designed to make a Facebook hacker’s job a little easier, but in reality, it has created a security threat for users who are really only trying to protect their own accounts from hackers. A message appears on your Timeline or in your email account, saying that you can hack anyone’s Facebook account in three steps. The first step is to go to the page of the Facebook user you want to hack and right-click. Select “Inspect Element” and an HTML editor will appear on the bottom half of your page. The user is then instructed to copy and paste a string of code into the HTML code that appears and is told that this code will grant them access to the account they are trying to hack. In reality, though, the code gives the hacker access to the user’s own account.
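
One way a mail filter or moderation queue could flag the three-step lure described above before a user acts on it, as an added example that is not part of the original article. The pattern lists, verdict names and sample messages are constructed assumptions.

```javascript
// Added example: heuristic flagging of Self-XSS lure messages.
// Pattern lists, verdict names and samples are constructed for illustration.
const SIGNALS = {
  // Promise of getting into someone else's account
  promise: [/\bhack\b.{0,40}\baccount\b/i],
  // Instruction to open the browser's developer tools
  devtools: [/inspect element/i, /\bright[- ]click\b/i, /\b(developer tools|console|html editor)\b/i],
  // Instruction to paste code supplied by the sender
  paste: [/\b(copy|paste)\b.{0,60}\b(code|script|string)\b/i],
};

// Return the names of the signal groups that match, in declaration order.
function matchedSignals(text) {
  const flat = text.replace(/\s+/g, " "); // so patterns can span line breaks
  return Object.keys(SIGNALS).filter((name) =>
    SIGNALS[name].some((re) => re.test(flat))
  );
}

// "block":  the message tells the reader to open dev tools AND paste code.
// "review": it promises account access plus one of the other two signals.
// "clean":  anything else, e.g. ordinary debugging help that mentions dev tools.
function classifyMessage(text) {
  const signals = matchedSignals(text);
  const has = (name) => signals.includes(name);
  let verdict = "clean";
  if (has("paste") && has("devtools")) verdict = "block";
  else if (has("promise") && (has("paste") || has("devtools"))) verdict = "review";
  return { verdict, signals };
}

// Constructed sample messages
const SAMPLES = [
  "Hack anyone's Facebook account in 3 steps!\n1. Go to their page and right-click.\n" +
    "2. Select Inspect Element.\n3. Copy and paste this code into the HTML editor.",
  "Can you right-click the button, choose Inspect Element and tell me what the console shows?",
  "Want to hack your ex's account? Just paste the script I send you.",
  "Lunch at noon?",
];

for (const msg of SAMPLES) {
  const { verdict, signals } = classifyMessage(msg);
  console.log(verdict.padEnd(6), JSON.stringify(signals), "|", msg.split("\n")[0]);
}
```

The second sample shows why the dev-tools signal alone is not enough: legitimate troubleshooting mentions "Inspect Element" without asking the reader to paste anything.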


This example of cross-site scripting, also known as XSS, is a significant vulnerability and can happen to anyone with a Facebook page, whether a user or a business. Although users may think it is a security threat that Facebook should consider fixing, the vulnerability goes beyond the social media site. It is likely an issue that browsers themselves should work on. Given that the instructions can also arrive by email, it is quite likely a security threat that goes well beyond the social media site.

To combat the issue, Facebook has added Self-XSS to its list of security threats, but there are no plans to come up with any sort of patch to alleviate the threat. It has, however, cautioned users not to copy-paste any code from any user they are not familiar with. This is good practice for any user; it is similar to the advice not to open any *.exe files from unfamiliar sources.

However, this sort of security breach can happen unwittingly to anyone. It is important to go online aware of the potential threats that lurk throughout the internet rather than going in blindly. In addition, users who are not familiar with how to code in HTML should stay well away from instructions that tell them to use their HTML editor. If the instructions come from a friend, that friend should be informed that their account has likely been hacked, and Facebook should also be notified of the breach. Passwords should also be changed to prevent this sort of thing from happening. It is, after all, your information on the line.