Facebook users in India have been tricked by scammers who were claiming to offer a tool that could hack Facebook in order to obtain passwords belonging to the users’ friends. Unfortunately for these users, they actually ended up hacking their own accounts for the scammers and exposed their friends in the process.
A post began circulating on Facebook this week from a particular page featuring a video with instructions on ‘Facebook Hacking’ with a disclaimer stating that it was for education purposes only. The post links to a document hosted on Google Drive that contains some code that, according to the scam, will allow users to reveal their friends’ Facebook passwords. The instructions attempt to convince the user to paste the code into their browser console window and ask them to wait two hours before the hack will supposedly work.
“What really happens when you paste this code into your browser console window is that a series of actions are performed using your Facebook account without your knowledge. Behind the scenes, your account is used to follow lists and users, and give likes to pages in order to inflate the follower and like counts defined by the scammers,” said Satnam Narang, a security response manager for Symantec.
“Your account is also used to tag the names of all your friends in the comment section of the original post. This is done to help the scam spread further, playing off the curiosity of your friends, who may visit the post to find out more and hopefully follow the instructions as well,” he added.
Why is this affecting users in India?
For this campaign, the individuals responsible are based in India. They have modified the original authors’ code by simply adding their own pages and profiles into the script to increase their follower and like counts.
What to do if you have fallen for this scam
If your account has liked and followed a number of pages and profiles without your consent, you should review your activity log. From your activity log, you can locate, unlike and unfollow the pages and profiles associated with this scam. You should also consider posting a status update notifying your friends about the scam to make sure they don’t fall for the same trick.
Scammers label their efforts as “ethical hacking”
Narang said, “While we were investigating this scam, we found that the individuals behind it were publicly discussing their efforts. Speaking in Punjabi, one of the individuals summed it up by saying, “Now this is the way ethical hacking is happening.” However, these efforts couldn’t be further from the concept of ethical hacking.”