MSelf-XSS, or a cross-site scripting scam, is designed to trick you into giving away access to your Facebook account. If a scammer gets access to your account, they can post and comment from your account
How does a Self-XSS scam work?
A Self-XSS scam usually works by promising to help you hack somebody else’s account. Instead of giving you access to someone else’s account, the scammer tricks you into running malicious code that gives them the ability to use your account for fraud, spam and tricking more people into the scam.
Scammers will usually target your friends by posting to your Timeline.
To avoid Self-XSS attacks, never copy and paste suspicious links. Learn how to recognize a Self-XSS scam.
In many cases, Self-XSS scams emerge when someone tags you in a post claiming you can “hack any Facebook account.” That person is usually a friend who’s fallen for a similar scam previously, and a scammer is now using their account to trick more people.
An example of a Self-XSS scam asking you to paste malicious code.
how do i deal with it?
If you clicked on something that turned out to be spam or your account is creating unwanted posts, events, groups or Pages, try these steps:
Secure your account
If you can log into your account, we recommend changing your password. If you can’t get into your account, you can secure it.
Review account activity and remove any spam
Check your login history for suspicious logins
Run a review of your recent posts and likes
Check your Activity Log and delete any unwanted actions
Check your installed apps and games and delete anything you don’t trust
Scan your computer and update your browser
Scan your computer using one of the free anti-virus scanners provided by our partners
Check that you’re using the latest version of your browser (ex: Firefox, Internet Explorer, Safari)
Report spam to us
If you come across any more spam on Facebook, report it to us. By doing so, you will be playing an important role in helping us protect other people from scams.
It’s possible that you clicked a malicious link, downloaded a bad file, or logged into a fake Facebook Page and someone got access to your account. Learn more about keeping your account secure.