A new Facebook scam promising users the ability to hack anyone’s account is only a guide towards hacking your own account.
The scam lures users by providing a guaranteed access to anyone’s account in three easy steps. But following the steps make users hack their own page, via a method termed as Self-XXS, which makes anyone who attempts the guide vulnerable to new scam and phishing campaigns.
The scam pops up as a Facebook post on your Timeline or an email from a friend of a victim, promising to ‘hack any account following three steps’. It then asks you to open up your Facebook in a new browser and head over to the Facebook page of the individual you want to hack. Then right-clicking anywhere on the page brings up a pop-up menu where you are asked to select ‘Inspect Element’. This presents an HTML editor at the bottom of the web browser.
In the HTML editor, the scam guides readers to copy-paste a string of code. However, the code doesn’t fulfill its promise; but grants scammers access to your account.