
Spammers Hijack Facebook Accounts with the Aid of Fake Chat Verification Posts

Discussion in 'Security Updates' started by starbuck, Apr 19, 2014.

  1. starbuck

    If you come across an announcement from the “Facebook Chat Team,” you should know that it’s part of a scam designed to trick users into giving spammers access to their accounts.

    “All Chat Box must be verified before 24th May 2014 to avoid Chat Blocking under SOPA and PIPA Act. The unverified Chat will be terminated,” the scammy announcements read.

    According to Trend Micro, users who click on the links are taken to a Pastebin post that contains instructions on how to allegedly “verify the chat.” Victims are provided with pieces of code which they’re told to paste in their web browser’s JavaScript console.

    Once the code is executed, the scammers gain access to the victim’s account. While their actions are limited, they can re-post the scam on the hijacked timeline, tag other users, and subscribe the victim to certain pages.

    “From the get-go, users should know that there is no product called ‘Facebook Chat,’ let alone a team that sends out a supposed ‘advisory’ to its users,” Trend Micro experts warn.

    Facebook is aware of these types of scams and the social media platform has taken steps to block them.

    “There is a popular scam going around that claims the user will gain some benefit (illicit access to someone else's account, some new Facebook feature, etc.) by pasting some piece of JavaScript into the browser's console,” Facebook explained on a page about self-XSS attacks and the way the JavaScript console works on the website.

    “This is a variant on the self-XSS attack. By pasting the code in the browser console, the user gives the code access to their account. The code usually posts the same scam on other people's walls, and subscribes the user to pages controlled by the attacker – but it could do much worse things,” the company added.

    “To avoid this, the console is now gently disabled in some browsers. If you want to use the console, turn the following setting on; you'll need to reload the page for it to take effect.”

    Users who fall victim to such attacks should check their timelines and remove all the posts published on their behalf. It might also be wise to check the Activity Log to see what other actions have been performed without their knowledge.

    In general, if you want to avoid falling victim to such scams, don’t trust any posts claiming that your account or certain features will be deactivated unless you perform some actions.


    Source:
    http://news.softpedia.com/news/Spam...-of-Fake-Chat-Verification-Posts-438476.shtml
     
  2. allheart55 (Cindy E)

    Good to know.

    Thanks Pete.
     
