Spammers steal Facebook accounts pretending to be the "Facebook Chat Team"

If you come across an announcement from "Facebook Chat Team, "You should know that it is part of a fraud that is designed to trick members of the big social network and deliver it to Spammers accounts of their accounts.
The message reads:

"All Chat Box must be verified before 24th May 2014 to avoid Chat Blocking under SOPA and PIPA Act. The unverified Chat will be terminated. "

"All Chat Boxes must be verified before May 24, 2014 to avoid the blocking of your conversations by SOPA and the PIPA Act. Unconfirmed Chats will be terminated. "

Facebook Chat Team

According to Trend Micro, users who click on the links contained in the message are led to a Pastebin publication containing instructions on how to verify their account. The Pastebin publication contains malicious JavaScript code and gives instructions to victims about how to run it from their browser console.

Facebook Chat Team2

When the code is executed, scammers get access to the victim's account. Although the access they acquire is limited, they can still republish the victim's timeline fraud, tag other users, and make them like new web pages.
"Users should be aware that there is no product called 'Face Chat', let alone a team that sends a warning message," say Trend Micro experts.

Facebok is already aware of this fraud and has taken the necessary steps to stop it.

"There is a popular scam that claims the user will gain some benefit (illegal access to another account, a new Facebook feature, etc.) by pasting some JavaScript code into their browser console." says Facebook referring to a page that explains them self-XSS attacks and how the JavaScript console works.

This is a variant on the self-XSS attack. By pasting the code in the browser console, the user gives the code access to their account. The code usually posts the same scam on other people's walls, and subscribes the user to pages controlled by the attacker - but it could do much worse things.

Users who are victims of such attacks should check their timeline and delete all messages posted to their account. They should also check the activity log to see what other actions have been taken without knowing it.

Generally speaking, if you want to avoid falling victim to such scams, do not trust any post that claims that your account or some features will be disabled if you do not take action.

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).