Some Facebook users in India were tricked into hacking their own accounts by a scam claiming to reveal the passwords of their friends.
The scam compromised the user’s account by tricking them into using some code that takes control of their account and exposes their friends’ data in the process.
“What really happens when you paste this code into your browser console window is that a series of actions are performed using your Facebook account without your knowledge.
“Behind the scenes, your account is used to follow lists and users, and give likes to pages in order to inflate the follower and like counts defined by the scammers,” explained Satnam Narang, a security response manager for Symantec in a blog post.
The scam employs an instructional video explaining “Facebook Hacking”, which links to a Google document that contains some code.
The code allows users to see friends’ Facebook passwords, according to the scammers, with the instructions attempting to convince users to paste the code into their browser console window. The instructions explain that the code will take two hours to work.
In reality, the code performs actions behind the scenes using the would-be hacker’s Facebook account, including following certain users and liking pages. No doubt the scammers are being paid to artificially inflate the follower or like counts of some users and pages.
— © Guardian Newspapers Limited, 2014