Check out the Facebook scams making the rounds this week

May 6, 2014 13:33 GMT

Scammers are increasingly relying on so-called “self-XSS” attacks to hijack Facebook accounts. Experts warn that there are at least two shady Facebook pages that instruct users to execute some code in their console in order to allegedly keep their accounts active.

Malwarebytes researchers have analyzed the schemes. Scammers have set up a Facebook page called “FB Announcement 2K14.” On this page, they’re posting messages claiming that the company’s CEO, Mark Zuckerberg, has announced that all accounts will be deactivated on May 18 unless their owners perform a series of actions.

Users must visit a website, copy a piece of code, paste it into their web browser’s JavaScript console, and execute it.

The cybercrooks have also set up a page called “FbCeo Mark Zuckerberg.” Similar posts are published on this page as well, instructing users to register their accounts to avoid having them permanently disabled.

So what happens when users follow the instructions? The pasted code runs inside the victim’s logged-in Facebook session, so by executing it, victims unwittingly allow the scammers to perform various actions on their behalf.

Impacted accounts automatically like certain pages, follow lists, and like the spammy posts. In addition, the appearance of the victim’s profile is changed, and their friends are tagged in the bogus message. The code that’s executed in the browser also prevents users from unfollowing certain accounts, Malwarebytes reported.

Facebook is aware of these self-XSS attacks and the company has taken some steps to mitigate them. However, that hasn’t discouraged cybercrooks from launching such campaigns. Last week, we learned that some individuals from India were tricking users by promising them a Facebook hacking tool.

Another scam that’s currently making the rounds on Facebook leverages an incident that took place in April. Reality star Porsha Williams was arrested after she assaulted Kenya Moore during a Real Housewives of Atlanta reunion.

According to an advisory published by Graham Cluley on Bitdefender's Hot For Security blog, scammers claim that Moore was so upset that she leaked a raunchy video of Williams. There’s no video, but by the time users figure this out, they have already helped the fraudsters make some money.

Those who want to watch the private video are asked to share the post on their own timeline and complete some surveys. Each time these surveys are completed, the scammers earn some money.

Facebook users are advised to be on the lookout for such schemes. Bogus messages and pages should be reported to the social media network by using the Report/Block feature.
