Facebook “Script Scam”

FACEBOOK “SCRIPT SCAM” SPREADING.

A new Facebook scam, specifically targeting individuals with little or no self-esteem, is spreading like a wildfire on Facebook. The scam usually holds promises of running a script to “Hack a friends account”, “Get 100k followers” or “Get 30k likes” and some even promises a visual upgrade of the victims account. It asks them to copy the script and paste some code in the “console” section of the “inspect element” option in your browser and run it.

WHAT HAPPENS WHEN THE VICTIM EXECUTES THE SCRIPT?

When the victim paste and execute the code in the console section, it will run the code on behalf of the victim on the victims account only, sending several requests including “Like” & “comment” request”. It means that the victims unknowingly “liked” and “commented” on the scammer’s pages.

The code acts just like a worm virus would on the computer, except this time the victim executed the malicious file intentionally on their Facebook account instead!

Most people take care to protect their privacy and data in their computers nowadays using virus protection, however, when the victim execute and authorize a code manually on their computer, or this case Facebook, it still will access the protected information and submit it to the scammer.

Some of the more elaborate scripts may even access your user files like “Payment Settings” or “Download a copy of your Facebook data” and possibly submit the contents to the scammer, in the same way you can request to download your entire Facebook data file through the control panel.

WHAT TO DO IF YOU BEEN VICTIMIZED?

Go to your activity log, unlike and delete the comments generated by the script, check so no unauthorized withdraws have been made on your accounts behalf. Report the script to Facebook. If you did run the script to hack an account or wanted to get thousands of fake followers… it’s called KARMA!

I would say the best protection to any kind of scam, whether it’s on Facebook, email or a webpage based script containing malicious code with intent to hack into your personal data is COMMON SENSE!

Spread the word by sharing this article, and together we can stop the scammers!

Leo J Strand
ISA HQ – Europe

Written by