If you come across an announcement from "Facebook Chat Team, "You should know that it is part of a fraud that is designed to trick members of the big social network and deliver it to Spammers accounts of their accounts.
The message reads:
"All Chat Box must be verified before 24th May 2014 to avoid Chat Blocking under SOPA and PIPA Act. The unverified Chat will be terminated. "
"All Chat Boxes must be verified before May 24, 2014 to avoid the blocking of your conversations by SOPA and the PIPA Act. Unconfirmed Chats will be terminated. "
According to Trend Micro, The users που κάνουν κλικ στους συνδέσμους που περιέχονται στο μήνυμα οδηγούνται σε μια δημοσίευση του Pastebin που περιέχει οδηγίες για το πώς μπορούν να επαληθεύσουν τον account their. The Pastebin post contains malicious JavaScript code and instructs victims on how to run it from their browser console.
When the code is executed, scammers get access to the victim's account. Although the access they acquire is limited, they can still republish the victim's timeline fraud, tag other users, and make them like new web pages.
“Users should know that there is none product called “Facebook Chat,” let alone a group that sends a warning message,” Trend Micro experts report.
Facebok is already aware of this fraud and has taken the necessary steps to stop it.
“There is a popular scam that claims the user will gain some benefit (illegal access to another account, some new feature of Facebook, etc) by pasting some JavaScript code into his browser console,” says Facebook referring to a page that explains them self-XSS attacks and how the JavaScript console works.
This is a variant on the self-XSS attack. By pasting the code in the browser console, the user gives the code access to their account. The code usually posts the same scam on other people's walls, and subscribes the user to pages controlled by the attacker – but it could do much worse things.
Users who are victims of such attacks should check their timeline and delete all messages posted to their account. They should also check the activity log to see what other actions have been taken without knowing it.
Generally speaking, if you want to avoid falling victim to such scams, do not trust any post that claims that your account or some features will be disabled if you do not take action.
