Wannabe hackers have been caught out by a reverse scam which tricks Facebook users into injecting or placing malicious JavaScript or client-side code into their web browsers.
According to The Hacker News, the Self Cross-site Scripting code could allow an attacker to gain access to victims’ accounts and use them for fraud, to send spam, and to promote further attacks by posting the scam to victims’ friends on the timeline.
In this case, an attacker sends a phishing message offering a way to hack any Facebook user by following some simple steps. Once the victim “self-injects” the malicious script into their own account, it gives access to the whole account to the attacker, who can then carry out a variety of malicious activities, basically spreading all sorts of malicious campaigns.
Facebook has advised on this and said it is working with browser vendors to add protection in the browser in an effort to prevent this vector from being exploited.