
Social Media Scam Dupes Users Into Hacking Their Own Accounts

There is no shortage of scams and swindles designed to trick people into parting with cash or personal data. Perhaps the most concerning of these is the apparent ease with which criminals can dupe victims into giving away private information.

Some of the latest scams highlighted by the BCA include courier fraud, travel booking fraud, and the NCA's campaign against cyber fraud.

Now, another attack known as 'cross-site scripting' or 'XSS' has come to light. As reported by Action Fraud and lifestyle technology website Tom's Guide, a social media scam is circulating that tricks Facebook users into giving fraudsters access to their accounts.

Curious victims are lured by the promise of gaining access to other users' Facebook accounts through a simple 3-step process. The hack, which involves accessing the HTML code of a Facebook profile from a web browser, instructs victims to paste a new string of code into the HTML editor. No tools are required, which means anyone with an internet connection and a Facebook profile can do it. This, they are told, will enable them to take control of other users' accounts.

Unsurprisingly, the result is not what the victim has been promised. Instead, the new piece of code grants scammers access to the victim's own account and profile.

This allows hackers to instantly see their victim's personal data, such as telephone numbers, email addresses, birthdays and other private information, as well as that of their Facebook connections.

What You Can Do

If you spot this type of scam on Facebook, please report it immediately. Click the arrow in the upper-right corner of the post and select "This is Spam."

If you know of anyone who has been lured into this type of cross-site scripting scam, the individual should contact Facebook immediately, change their password, and report the incident to Action Fraud.

Whilst you may never experience this type of fraudulent activity yourself, it serves to demonstrate just how easy it is for criminals to dupe people into giving open access to their personal information. As ever, vigilance and awareness are our best defence. Understand the risks, stay alert, and report any suspected fraudulent activity to Action Fraud on 0300 123 2040 or via www.actionfraud.police.uk.

Further information on this Facebook hack is also available via Tom's Guide.

Social Media Security: Best Practice

As well as managing your social media privacy settings, always be aware of the information you post to social networking sites. Keep personal information personal. Be careful how much you give away and remember that even if you are not connected directly to potential fraudsters, they can still access your data publicly and through your friends' networks.

The more information you post, the easier it is for strangers to collate information and access your sensitive data. In extreme cases, it can even be used to steal your identity.

When using social networks, always use strong passwords, which should be at least 8 characters long and contain a mixture of letters, numbers and special characters. Avoid 'guessable' combinations like birthdays or children's names.

Be wary of links or downloadable files in messages on social networking sites. Even if they come from a friend, their account may have been hacked. Exercise doubt and if you're unsure, contact your friend to check the validity of their message.

Get Safe Online is an excellent resource containing detailed
