Facebook Scams: "Hacking any Facebook Account", "Facebook Music Theme"


A new Facebook scam, claimed to be a script to "Hack any Facebook account", is spreading like wildfire.  Recently, I also came across a Facebook scam post that promises a "Facebook Music Theme". I've been tagged in the spam posts by more than 20 friends within a week.

The post links to a script file hosted, seemingly at random, on Dropbox, Pastebin, textuploader and other file hosting services.

The post tricks users into thinking that it is a script to hack any Facebook account.  It urges users to use it before it gets blocked by Facebook.

It asks them to copy the script and paste it into the "console" section of the "inspect element" option in their browser.  It claims you will get the username and password once you have completed the process.


Here is what is actually happening:
When you paste the code into the console section and execute it, the code runs on your behalf.  So it sends several requests, including "Like" and "comment" requests.  This means that you have unknowingly "liked" and "commented" on the scammer's pages.

It also tags all of your friends in a comment so that the scam spreads further and reaches more victims.

I can't believe that there are still plenty of people out there who still believe some stupid scripts can hack accounts.

Are you one of the victims who followed the stupid instructions?
No need to panic.  As far as I know, the script only "likes" and "comments" on your behalf.  So you can simply go to the "Activity" log page in your account and unlike and uncomment them.  If you are reading this article, make sure you do not make the same mistake again.

Facebook Scam: World's Largest Snake Video and Shark Eating Man Videos

Attention Facebook users! If you see a Facebook post promising outrageous videos, for instance "Shocking video: World's Largest Snake Video", don't click it. It is nothing other than a survey scam.

Various Facebook posts with different bogus titles are circulating, all leading to a survey scam page.

So far, the topics used in the scam campaign are "SHOCKING VIDEO World’s Largest Snake Found In [Brazil /Mexico ]" and "Exclusive: Shark eats the swimming man in an Ocean!! Watch the video".

Users who click the link in the post are taken to a web page where they are asked to complete the survey in order to view the video, and to share the video on their Facebook account.

In the end, you get nothing other than becoming a victim of the scam.  Remember, there are no such videos.  If you come across these kinds of posts, just ignore them or report them to Facebook.

Facebook Spam: "She went inclusively nuts and lost all control of the razor-sharp axe"

A new spam that preys on people's curiosity is circulating on Facebook.  Today, E Hacking News came across a new spam campaign.  The spam post has a picture of a woman that looks like a video.

"she went inclusively nuts and lost all control of the razor-sharp axe Well, Watch what happened..in..this..video:_:: [Tiny_URL]" The spam post reads.




Following the link provided in the post takes users to a page that says "She did this at the tender of age 15" and displays an image mimicking an embedded video player.

After clicking the image, I am really inspired by the clever work done by the cybercriminals.  When a user clicks the image, the page asks them to press three shortcuts one by one: Ctrl+L, Ctrl+C, Ctrl+W.

I know what the last two shortcuts do, but I was not sure about the first one.  I've managed to find the usage of the Ctrl+L shortcut in browsers.  It is used for selecting the URL.

So the shortcuts are for selecting and copying the URL and closing the window.  But wait a second, I failed to notice one thing.  When I clicked the image, the page opened a new window.



Interestingly, the new window is so small that it is not visible.  So pressing the shortcut keys copies the URL of the new window and closes that window.  The URL contains the victim's authentication token.

Victims who fail to notice the window and follow the instructions soon find themselves victims of the Facebook spam post.  The spam is posted on the victims' walls using the hijacked authentication token.

Google's Blogger is being abused for spreading Spam in Facebook


Cybercriminals have now started to abuse Google's blog-publishing service Blogger to spread their sex tape spam on Facebook. Today, E Hacking News came across two Facebook spam posts that link to a Blogspot address.

In one of the Justin Bieber sex tape spam posts, the cybercriminals used "Watch Justin bieber s3x tape" as the title of the video link and posted "I can't believe this is for real , omg is this true" from the victims' accounts.


In another spam post, the title is mixed with numbers to bypass spam detection: "[VIDEO] R1HANNA S33X TAPE".
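On the detection side, digit-for-letter titles like the two quoted above can be folded back to plain text before keyword matching. The following is an added example, not code from the original post or from Facebook; the substitution table, the watch-list phrase and the function names are assumptions chosen for illustration.

```javascript
// Added example. The substitution table is an assumption that covers the
// two titles quoted above; extend it for real use.
const LEET = { "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s" };

// Lower-case, optionally map look-alike characters to letters, turn every
// other non-letter into a space, and collapse repeated letters ("seex" -> "sex").
function normalizeTitle(title, deLeet = true) {
  let s = title.toLowerCase();
  if (deLeet) s = s.replace(/[013457@$]/g, (c) => LEET[c]);
  return s
    .replace(/[^a-z]+/g, " ")
    .replace(/([a-z])\1+/g, "$1")
    .trim();
}

// Whole-word phrase match, so "essex tape" does not match "sex tape".
function containsPhrase(normalized, phrase) {
  return (" " + normalized + " ").includes(" " + normalizeTitle(phrase, false) + " ");
}

// Returns the watch-list phrases found after folding, and whether any of
// them was only visible after folding (a sign of deliberate obfuscation).
function scoreTitle(title, phrases) {
  const folded = normalizeTitle(title, true);
  const plain = normalizeTitle(title, false);
  const matches = phrases.filter((p) => containsPhrase(folded, p));
  const obfuscated = matches.some((p) => !containsPhrase(plain, p));
  return { folded, matches, obfuscated };
}

// The two titles from the post, plus two constructed controls.
const WATCHLIST = ["sex tape"];
for (const t of [
  "[VIDEO] R1HANNA S33X TAPE",
  "Watch Justin bieber s3x tape",
  "Leaked sex tape video",        // constructed: plain spelling
  "Essex tape measure review",    // constructed: benign look-alike
]) {
  console.log(t, scoreTitle(t, WATCHLIST));
}
```

The `obfuscated` flag is a signal to weigh with others, not a verdict: folding digits also rewrites legitimate numbers in titles.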

When a user clicks the link, it leads to a Blogspot page that redirects to a malicious survey scam page, where the user is asked to click a button, copy the content of the address bar and submit it for verification.

If the user does as the page instructs, he will soon find himself a victim of Facebook spam, with his account used to spread the spam post.

Previously, we detected scammers abusing Tumblr to spread spam on Facebook.

Facebook & Tumblr being abused for spreading "John Cena Dies of Head Injury" spam


Today, a scammer posted a spam message on the E Hacking News fan page that reads "John Cena of WWE died in a head injury while training! Watch the original video clip here >>>  [Facebook_Group_Link]"


Clicking the link leads to a group post with the title "Exclusive vids".  The post has the following message:

John Cena (John Felix Anthony Cena) of World Wrestling Entertainment died in a head injury while perfecting a wrestling stunt with WWE wrestler, Dwayne Johnson or also known as The Rock. Authorities are now investigating. Watch the original video clip from WWE and their effort to save JOHN CENA (for 18 years+) CLICK HERE --------->[Bit_ly_Link]

Clicking the link leads the victim to a Tumblr page that displays a GIF image resembling a buffering video interface. The GIF displays a fake error message: "Ahhh your social media player needs to update click here and then click add to update"


Once the victim clicks the link, it redirects to another page where users are asked to paste the "Access token".

Last year, Hoax-Slayer identified a similar spam post claiming that John Cena of WWE had died.

"Miley Cyrus sex tape leaked on the Internet" Facebook scam steals authentication tokens


Tempting Facebook users with the promise of celebrity sex tape videos is not new, but cybercriminals still choose that method because social engineering is one of the most successful ways to achieve their malicious goals.

The latest scheme starts with a post titled "Breaking News : Miley Cyrus sex tape leaked on the Internet. Millions of men called in stick after seeing it." The huge thumbnail propagating the scam displays a close-up of the singer, apparently in a state of rapture.

When users click the image, they are taken to a website where the video appears to be hosted. When victims try to play the clip, they are asked to verify their age by copying and pasting their Facebook authentication token into a text box.

The token allows the cyber crooks temporary access to the targeted Facebook account, including the victim’s list of friends.

According to a Hot for Security report, users who fall for it will see their Timeline flooded with posts advertising the aforementioned video. Even worse, all their friends will be tagged to make sure that they don’t miss it.
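Several of the scams above (the tiny pop-up window, the Blogger and Tumblr pages, and this one) end with the victim pasting an address-bar URL or token into a form. A filter that spots and redacts token-bearing URLs in pasted or submitted text is one defensive check. This is an added example, not code from the original posts or from Facebook; the parameter names and the sample URL are assumptions.

```javascript
// Added example. Parameter names are assumptions: "access_token" is the
// OAuth 2.0 fragment parameter; the others are common token-like names.
const TOKEN_PARAMS = new Set(["access_token", "id_token", "token"]);

// Redact token-like parameters in one URL. Works on the raw string so the
// query (?a=b) and the fragment (#a=b) are both covered and nothing else
// in the URL is rewritten.
function redactUrl(rawUrl) {
  const hits = [];
  const redacted = rawUrl.replace(
    /([?&#])([^=&#]+)=([^&#]*)/g,
    (match, sep, name, value) => {
      let decoded = name;
      try { decoded = decodeURIComponent(name); } catch { /* keep raw name */ }
      if (value !== "" && TOKEN_PARAMS.has(decoded.toLowerCase())) {
        hits.push(decoded.toLowerCase());
        return sep + name + "=[REDACTED]";
      }
      return match;
    }
  );
  return { redacted, hits };
}

// Scan free text (for example the value of a comment or "verification"
// field at paste time) and redact every URL that carries a token.
function redactPastedText(text) {
  const hits = [];
  const clean = text.replace(/https?:\/\/[^\s"'<>]+/g, (rawUrl) => {
    const result = redactUrl(rawUrl);
    hits.push(...result.hits);
    return result.redacted;
  });
  return { text: clean, hits };
}

// Constructed sample: the kind of address-bar content these pages ask for.
const SAMPLE =
  "verify: https://www.example.test/done.html#access_token=CONSTRUCTED123&expires_in=5100";
console.log(redactPastedText(SAMPLE));
```

A non-empty `hits` list is the point at which a client or moderation pipeline can warn the user or drop the submission.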

"Get Free iPad 3 !" Beware of Facebook and Twitter Scams

While everyone anticipates that Apple will announce a new version of its iPad tablet computer in San Francisco on March 7th, scammers have decided to take advantage.

A Sophos security researcher came across a Facebook and Twitter scam post that claims "Get free iPad 3". The interesting thing is that the iPad 3 doesn't exist yet.



"As Apple hasn't even announced the existence of an iPad 3, these posts and pages (some of which have existed for months) are clearly up to no good," says Researcher Graham Cluley.

"Chances are that we will see Apple announce an iPad 3 very soon. But don't be duped into believing there's an easy way to get one for free," he added.

"Your profile has qualified for an award of $2M" Facebook Gold Membership Scam


Hoax-Slayer came across a new Facebook scam that claims to be from the Facebook Team. It informs recipients that their profile has just completed its 100% Gold Status membership, which has qualified them for an award of $2,500.000.00 (Two Million Five Hundred Thousand Dollars) by Facebook.

The Scam Message:
Congratulation!!!

YOUR PROFILE HAS BEEN AWARDED A GOLD MEMBERSHIP STATUS ON FACE BOOK....

We happily announce to you that your profile just completed It's 100% Gold Status membership which has qualified you for an award of $2,500.000.00 (Two Million Five Hundred Thousand Dollars) by Facebook.

You are therefore advised to contact our Executive Secretary for further directives on how to receive your award sum.

Ensure to quote the following information for authentication:
Full Names, Address and qualification numbers to the Executive Sec with your Gold Membership Qualification Numbers: (FB-57-20100, BB-456-76FUB)

Contact Person: Mrs. Florence Alison (Executive Secretary)

Email:f.team@usa.com

Payment would be made to you and other qualified members not later than 7 working days from the date of this notification.

Note: Ensure to keep all winning information strictly confidential to avoid double claims which may lead to disqualification.

Sincerely yours,
Facebook Team

Victims who fall for this scam and contact the "Executive Secretary" as instructed will soon be asked to send upfront fees, ostensibly to cover various - entirely imaginary - costs such as insurance, legal and banking expenses.
The scammers will insist that these fees cannot be deducted from the cash award, which of course is also entirely imaginary.

"Your account info has been changed" - Fake Facebook notification delivers keylogger

A spam mail that poses as a notification from Facebook and claims the recipient's account information has been changed leads to a malware attack.

The spam mail, with the subject "Your account information has been changed", hides its content and asks users to install Microsoft Silverlight in order to view it. If you hover your mouse over the image link, it points to a .PIF file (a Windows executable file) hosted on a Malaysian IP address. BarracudaLabs identified this trojan as Trojan.Win32.Jorik.

Clicking on the Silverlight graphic does warn you that you’re about to run a program. This is why the Microsoft graphic is a clever addition to the ruse – you think you should be running a Microsoft program, and it’s doing exactly what you expect.

Once you click the Run button, the Trojan will take care of your system and send your keystrokes to its master.

New Facebook survey scam claims Chuck Norris dies at age 71


Scammers are spreading a new scam message on Facebook that claims "Chuck Norris dies at age 71" and offers a link to a news report video, but the link leads to a survey page. The scam was spotted by a Sophos researcher.  Chuck Norris isn't dead.

The scam message:
[video] Chuck Norris dies at age 71! Not a Joke.
[LINK]
See the video to find out how he died. News today of Chuck Norris death at age 71 has been met with confusion and humour, but sadly it is true.

Clicking the video link lands you on a survey scam page. The page asks you to complete the survey in order to watch the video.

When the Sophos researcher analyzed the scam, it took him to a website claiming to offer a free £100 Starbucks card.

If you see this kind of scam message asking you to complete a survey, just ignore it; they will never give you what you want.  If you shared the message with your friends, remove it from your wall.

"Free Mobile Recharge Coupons" scam hijacks Facebook accounts


A recent phishing scam, "Free Mobile Recharge", targets Facebook users, hijacks their accounts and makes the accounts impossible to recover, McAfee warns.

The scam automatically posts a tricky free recharge offer on the victim's wall to convince their friends to click the link. Following the link lands you on a phishing website that asks for your Facebook account details. Once you fill in the details and press the login button, it takes you to a survey page. Meanwhile, it sends your login details to the attacker.

The same scam message is posted on that victim’s wall to further spread the attack.

The attacker not only changes the account passwords but also deletes primary information such as the email address. Even if the victims try to reset their passwords, they will never get the password reset email from Facebook.

Get $50 Dollar General Gift Card for FREE to all facebook users : Facebook Scams


A new Facebook survey scam claims that users who click a link will receive a free $50 gift card from variety store chain Dollar General, a Hoax-Slayer report says.

Usually, scammers use these survey scams to get victims' personal information, including name, address and contact details. These details can be used for further scams or other malicious purposes. Some other scammers trick users into downloading dubious toolbars, games or software. Still others will claim that users must provide their mobile phone number - thereby subscribing to absurdly expensive text messaging services - in order to get the results of a survey or go in the running for a prize.

No matter how many offers or surveys they complete, or what services they subscribe to, victims will never receive the promised gift card.

The scammers who create these bogus promotions will earn commissions via suspect affiliate marketing schemes each and every time a victim completes an offer or participates in a survey.

If you see these kinds of scams on Facebook, just delete them and never click any links.

Facebook Phishing Scam promotes Indonesian rock star


Facebook phishers have used an Indonesian rock star as bait for their phishing sites.

"This is unlike the previous Indonesian adult scams whose phishing pages gave the impression that the adult video would be of a random celebrity. In October 2011 phishers continued their adult scams on Facebook, but this time they chose the Indonesian rock star Ahmad Dhani in particular." reported by Symantec.

Dhani is the frontman of the rock bands “Dewa 19” and “Ahmad Band”.

The phishing site contained a photograph of Ahmad Dhani and Indonesian singer Dewi Persik. The Indonesian caption of the photograph translated: “To view videos of Ahmad Dhani recorded from CCTV cameras, please login below”. After users entered their Facebook login credentials, the phishing page redirected to a pornographic website. Of course, if users gave away their login credentials to the phishing site, phishers would have successfully stolen their information for identity theft. The phishing site was hosted on a free Web hosting site.

Celebrities have been a common target in phishing attacks. In the past, we have seen Aishwarya Rai and Katrina Kaif used as phishing bait. Phishers are choosing celebrities with a large fan following because they perceive a larger audience will mean more duped users.

Security tips to avoid phishing attacks, provided by Symantec:
  • Do not click on suspicious links in email messages.
  • Avoid providing any personal information when answering an email.
  • Never enter personal information in a pop-up page or screen.
  • When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar.
  • Frequently update your security software, such as Norton Internet Security 2011, to protect you from online phishing.

Security tips from BreakTheSecurity:
  • Before entering login information, check the URL
  • Use a secure connection (e.g. https://gmail.com)
  • Use an anti-phishing add-on (e.g. FirePhish)
  • Don't forget to read our Security Tips Blog: http://www.breakthesecurity.com

Facebook Rumor "Facebook Just Released Their Price Grid For Membership"


A rumor is spreading on Facebook: "Facebook Just Released Their Price Grid For Membership, need to pay for new profile".

The fake news circulating:
Facebook just released their price grid for membership . $9.99 per month for gold member services, $6.99per month for silver member services, $3.99 per month for bronze member services, free if you copy and paste this message before midnight tonight. When you sign on tomorrow morning you will be prompted for payment info…it is official it was even on the news. Facebook will start charging due to the new profile changes.
If you copy this on your wall your icon will turn blue and facebook will be free for you. Please pass this message on if not your account will be deleted if you do not pay.


Another fake news:
“This is official… it was even on the news… facebook will start charging due to the new profile changes… if you copy this on your wall your icon will turn blue and facebook will be free for you. Please pass this message on, if not your account will be deleted if you do not pay!!”

Ha Ha ha..!! sounds funny.

This is fake news, no need to worry about it.

This is the status update on Facebook's official page:
A rumor on the internet caught our attention. We have no plans to charge for Facebook. It’s free and always will be.

Note: It has a strong competitor in Google+; they would never go premium.

Facebook killer video scam spreads between social networkers

A new scam titled "Facebook killer video" is spreading over Facebook.

Here you can see the screenshot of that Facebook scam.