How a Typical Facebook Scam Works?

Written by Amit Agarwal on Nov 25, 2011

If you have been on Facebook for a decent amount of time, you have almost certainly come across video posts on your news wall that carry an enticing title and an innocent-looking thumbnail but, upon clicking, take you to a scam website.

How do such scams happen on Facebook, and why do they go viral so quickly? If a trusted friend is sharing such links with you, does that mean her Facebook account has been hacked, or that she has a virus on her computer that is quietly posting these dangerous links on her behalf? Not really.

Matt Jones, who works with the Data &amp; Security team at Facebook, has recorded an informative screencast video in which he walks you through the various types of scams that happen on Facebook and why they happen. Most scams require Facebook users to copy and paste some JavaScript code into the browser’s address bar; as soon as they do that, the rogue post is automatically published to the walls of all their Facebook friends.

Facebook Scams and XSS

Interestingly, according to Matt, Google Chrome and Safari are the only browsers that are susceptible to this kind of self-inflicted cross-site scripting (often called “self-XSS”, since the victim pastes the attacker’s script into the address bar themselves), while IE and Firefox are relatively safe. And since the malicious JavaScript code is often hidden inside Flash videos, Facebook isn’t able to detect it. Perhaps the solution is to allow video embeds only from trusted websites.
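The browser-side mitigation the post credits IE and Firefox with comes down to one rule: text pasted into the address bar that starts with the `javascript:` scheme must never be executed in the context of the current page. The snippet below is an added illustration of that rule and is not code from the original post, from Facebook or from any browser; the function names and the sample inputs are assumptions chosen for the example. It also handles the two edge cases a naive prefix check misses, mixed-case schemes and embedded tab or newline characters, which browsers strip before parsing a URL.

```javascript
// Added example (not from the original post or from Facebook): a defensive
// normaliser for text pasted into a browser-style address box. It mirrors the
// mitigation the post credits IE and Firefox with: a pasted "javascript:" URL
// is never run in the context of the current page. Function names and the
// sample inputs used in the tests are assumptions made for illustration.

// Schemes that must never be executed from a pasted string. The post only
// mentions javascript:, which is the scheme self-XSS scams rely on.
const BLOCKED_SCHEMES = new Set(["javascript"]);

// Browsers remove ASCII tab, LF and CR anywhere in a URL and trim leading and
// trailing C0 controls and spaces before parsing (WHATWG URL spec). Doing the
// same here stops "java\tscript:" or "  JavaScript:" from slipping past the
// scheme check below.
function normaliseForSchemeCheck(input) {
  return input
    .replace(/[\t\n\r]/g, "")
    .replace(/^[\x00-\x20]+|[\x00-\x20]+$/g, "");
}

// Returns the lower-cased scheme of a URL-like string, or null if there is none.
function extractScheme(input) {
  const cleaned = normaliseForSchemeCheck(input);
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(cleaned);
  return m ? m[1].toLowerCase() : null;
}

// Decide what an address box should do with pasted text:
//   "search"   - no scheme, treat it as a search query
//   "block"    - a blocked scheme, never execute it
//   "navigate" - an ordinary URL
function classifyPastedInput(input) {
  const scheme = extractScheme(input);
  if (scheme === null) return { action: "search", scheme: null };
  if (BLOCKED_SCHEMES.has(scheme)) return { action: "block", scheme };
  return { action: "navigate", scheme };
}

// Strip a blocked scheme from pasted text so the user sees the bare code
// instead of running it; any other input is returned unchanged.
function sanitizePaste(input) {
  const scheme = extractScheme(input);
  if (scheme === null || !BLOCKED_SCHEMES.has(scheme)) return input;
  const cleaned = normaliseForSchemeCheck(input);
  return cleaned.slice(scheme.length + 1); // drop "javascript:"
}
```

The key design choice is to normalise before checking the scheme rather than matching the raw string: a check such as `input.startsWith("javascript:")` is defeated by a leading space, a capital letter or a stray tab, all of which a browser's URL parser would quietly remove before treating the text as executable.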
