Websites claiming to provide automated tools for discovering the log-in credentials of a Facebook member are being set up in a more complex type of scam.
The “hacking” service is offered at no initial cost for the attacker and follows in the footsteps of the classic online survey Facebook scam.
The attacker is provided with a user friendly interface where they can enter the username of the victim. After the process is initiated, a new screen pops up allegedly offering information about the hack in progress.
Victim’s Facebook log-in credentials are not readily available
Jovi Umawing, security researcher at Malwarebytes, analyzed multiple websites purporting to hack Facebook accounts and in one case she uncovered that the terms of service clearly stated that the entire “hacking” process is nothing but a simulation.
However, no indication of this was available to the user when using the tools provided. At the moment, the website (fbwand[dot]com) is no longer online.
In a different example, hackfbaccountlive(dot)com, once the alleged hacking is complete, the user of the service does not have access to the Facebook password of the victim.
In order to get to the desired information, a protocol needs to be followed, which consists in referring the service to Facebook friends.
There is also the possibility to avoid disclosing the service to friends, by completing an online survey; most of those trying to obtain illegal access to other Facebook accounts definitely do not want to share the tip, and this is what the crook relies on.
Free hacking services are just a more elaborate deceit
Regular online surveys circulating on Facebook can be spotted a mile away. Their pattern should be well too familiar for a social networking member.
Most of the times, the crooks deliver messages promising access to content of great interest, but in the end have the user jump through hoops to get to it; the hoops are apparent obstacles in the way of watching a video and consist in sharing the initial message and completing online surveys.
In the end, the victim ends up doing the work for the crooks, who earn a commission for each survey filled.
Services promising hacking of Facebook accounts have the exact same pattern, but use a different bait.
By making the user choose between sharing the availability of the service and taking the survey, the crooks have created a win-win situation for them. Exposing the service to other users supplies more potential victims while completing the survey brings them revenue.
Moreover, running the scam this way could be more productive to them, since these websites can last longer and they do not have to come up with a new lure after Facebook stifles the campaign; they simply have to set up shop in a different location.