The proverb "If something sounds too good to be true, then it probably is" fits a spam campaign that is spreading widely on the popular social hub Facebook. A message recently spread on the social network lures users by claiming that the given link lets them hack anyone's account and reveal the password. The same spam can also be found on poorly protected websites, or maybe on the most familiar ones.
The scam message will most probably appear on your Facebook timeline and will show you the profile of your friend with a message that you can try this trick to hijack their personal profile.
Once you open the link, it leads you to a page that appears to be in HTML format. You are then asked to enter a given code (which is actually code hackers use to get access to your Facebook account) in a specific place to hack a specific profile.
If you are tempted enough to click on the link and fill in the required details, the bug in this spam will hijack your password and personal information such as photos, messages and account details before you even realize that you have been scammed. After the hack, the cyber criminal can not only access your data but will also have access to the data your friends have shared with you and other friends.
Hackers take advantage of a long-known vulnerability in web browsers called XSS (Cross-Site Scripting), which has a bad reputation among cyber security firms. Although the browser vulnerability has been around for quite some time, HTML is yet to come up with a fix for the problem. So it's not a security loophole in Facebook or some other social network, for that matter; it is a browser issue that has been ignored for a long time. But there are certainly other ways to keep this malicious XSS from installing on your device.
According to OWASP, the Open Web Application Security Project, there are some simple XSS prevention rules that can keep you out of trouble, like knowing the locations in the HTML script where posting unknown data can get you into trouble. And most importantly, don't click on anything suspicious: a trap looks like a trap most of the time, so go with your gut.
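The rule about knowing where in the HTML unknown data ends up can be shown as one encoder per location. This is an added example, not code from the original article or from OWASP; the function names and sample strings are constructed for illustration.

```javascript
// Added example: one encoder per place where untrusted data can land in a page.
// All function names and sample inputs are constructed for illustration.

// HTML element content: neutralise characters that can open tags or entities.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Quoted attribute value: encode every non-alphanumeric character as &#xHH;
// so the data cannot close the attribute and start a new one (e.g. onmouseover).
function encodeHtmlAttr(s) {
  return Array.from(String(s), (ch) =>
    /[A-Za-z0-9]/.test(ch)
      ? ch
      : '&#x' + ch.codePointAt(0).toString(16).toUpperCase() + ';'
  ).join('');
}

// JavaScript string literal: \uXXXX-escape every non-alphanumeric code unit
// so the data cannot terminate the string and continue as script.
function encodeJsString(s) {
  const str = String(s);
  let out = '';
  for (let i = 0; i < str.length; i++) {
    const ch = str[i];
    out += /[A-Za-z0-9]/.test(ch)
      ? ch
      : '\\u' + str.charCodeAt(i).toString(16).padStart(4, '0');
  }
  return out;
}

// href/src value: accept only http(s) URLs; anything else (javascript:, data:,
// unparsable text) is replaced with a harmless fragment link.
function safeHref(u) {
  try {
    const parsed = new URL(String(u));
    return parsed.protocol === 'http:' || parsed.protocol === 'https:' ? parsed.href : '#';
  } catch {
    return '#';
  }
}
```

The same input needs a different encoder in each location, which is why a single "escape everything" helper is not enough.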