Facebook users in India are being targeted by hackers to gain more likes and followers on the social network. According to Symantec security experts, the new scam is a variation of a method called self-XSS (self cross site scripting), which helps trick users into copying and pasting code into their browser's console that could perform various actions on their behalf.
Researchers reveal a post went viral on Facebook from a particular page showing a purported video tutorial on “Facebook Hacking” with a disclaimer saying – it is meant for educational purposes only. The post redirects to a document hosted on Google Drive, which feature some code, which supposedly allows users to reveal their friends' Facebook passwords. The instructions ask users to disclose their friends' Facebook passwords. The instructions attempt to convince the user to paste the code into their browser console window and asks them to wait two hours before the hack will supposedly work.
“What really happens when you paste this code into your browser console window is that a series of actions are performed using your Facebook account without your knowledge. Behind the scenes, your account is used to follow lists and users, and give likes to pages in order to inflate the follower and like counts defined by the scammers,” explains Symantec in a detailed blog post.
Symantec reveals this type of scam was first circulated in 2011, while the current variation has been around since early 2014. Scammers manage to gain massive success with this scam earlier this year with gaining 50,000 to 100,000 likes and followers on a number of pages and profiles.
“For this campaign, the individuals responsible are based in India. They have modified the original authors’ code by simply adding their own pages and profiles into the script to increase their follower and like counts,” adds the blog.
You can learn more about the new scam here.