In a way, this latest Facebook scam is poetic justice because it starts with an email or a Facebook post on your Timeline which promises to show you how to hack someone else’s Facebook account, but instead, when you follow the steps provided, your end up assisting the scammer who sent you the communication in hacking your own account. The hacking takes place in just a few steps. In the first step, you are told to open Facebook in a web browser and then go the Facebook page of the person you want to hack. You are then told to right-click on the page and from the popup menu, choose “Inspect Element” which will bring up an HTML editor at the bottom of your screen. Here you are instructed to insert a sting of code that purports to enable you to hack someone else’s account where in fact, what you have just done is give access to the scammer to your own Facebook account. This type of hack is called cross-site scripting or Self-XSS and it exploits a vulnerability in both web browsers and Facebook, which neither have fixed yet. If you fall for this scam, a scammer will get access to your emails and passwords. This is particularly troublesome if you, like too many people use the same password for all of your online accounts including banking because the scammer can then access your bank account.
Avoiding this scam should be particularly easy because you should not be trying to hack into someone else’s Facebook account in the first place. Also, as I have told you many times, “trust me, you can’t trust anyone.” Don’t insert code into your browser unless you are absolutely positive that it is legitimate. The risk is too large. Finally, this scam should also be a reminder to us all to use different passwords for all of our accounts. It is not as difficult as it sounds. A good password will be a combination of at least eight symbols, numbers and both capital and small letters. A phrase such as “IDon’tLikePasswords” combined with “12!!” and letters to denote the particular account such as “Fbk” to make a password of “IDon’tLikePasswords12!!Fbk” is a strong password.