Today I came across a page that was supposed to allow you to hack Facebook accounts:
The victim's profile must first be accessed, then a code is pasted into the address bar and the Enter key is pressed. One minute later you get control of the attacked account, easier than possible.
Obviously it's a hoax:
At first I thought that the code would be the one of the invitations that are sent to all the friends, but what it does is run a script which loads a page with the classic surveys that are usually used to make money with spam applications.
They are not shown in the screenshot because there are no surveys available for my country (they are generally in English):
Page with surveys that allow spammers to earn money
But the interesting of all this is what happens while the user is entertained trying to hack, every time the script is loaded send a chat message to all your connected friends:
Chat message that is sent automatically
In the following screenshot you can see part of the script and the variable that loads the chat messageIn addition, there are others that are used to post on the wall and generate an event:
(click to see larger)
As we see, the Spammers cheat and use users to spread their attacks. In this case they only seek money with survey systems, in others the links or the same script could directly infect the team. You have to be careful!
Update: similar attacks were being carried out over the weekend but in spanish! More information: Find out who visits your Facebook profile, it is false!
See also: Examples of fraudulent surveys. Detect if they access your Facebook account. Teacher almost kills a student … (another FB fake but they are improving them).