In recent weeks a lot of people have been hit by social-engineering attacks on their Facebook accounts, but how many of them actually know the mechanics behind them? In this post I have tried to explain some of these Facebook scams and how they work.
Two well-known attacks that lead to scams on Facebook are "share-baiting" and "self-XSS". Share-baiting is a pure social-engineering attack that takes advantage of weaknesses in Facebook's design. Self-XSS combines social engineering with a browser vulnerability.
Here is a great video by Matt Jones explaining these scam techniques. Matt works with the Data & Security team at Facebook.
Matt explains that web browsers such as Google Chrome and Safari are susceptible to a cross-site scripting (XSS) vulnerability, while other browsers like Internet Explorer and Firefox are safe from it.
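As an added example that is not part of the original post and not Facebook's own code: a small heuristic triage that flags post or message text carrying the two lure patterns described above (share-bait and the "paste this into your console" self-XSS lure), plus the kind of console banner a site can print to warn a user at the moment they are about to paste. All pattern lists, thresholds, function names (`scoreLure`, `triage`, `selfXssConsoleBanner`) and sample posts are constructed assumptions for illustration.

```javascript
// Added example (not the post's or Facebook's code): a heuristic triage that
// flags text carrying the two lure patterns described above. Pattern lists,
// thresholds and sample posts are constructed for illustration.
//
//  - share-bait: the reader is told to share/like/comment before a promised
//    payoff the platform does not actually offer ("see who viewed your profile").
//  - self-XSS lure: the reader is told to open a developer surface (F12, the
//    console, the address bar) and paste code; whatever is pasted runs in the
//    page's origin with the reader's own logged-in session, so the site cannot
//    sandbox it after the fact. The only technical mitigation is a warning at
//    the point of pasting, shown by selfXssConsoleBanner() below.

const SHARE_BAIT_PATTERNS = [
  /\b(share|like|comment)\b[^.!?]{0,60}\b(to see|to unlock|to get|to win|before)\b/i,
  /\bwho (has )?(viewed|visited|stalked) (your|my) profile\b/i,
  /\b(free|win) (a |an )?(iphone|ipad|gift card|voucher)s?\b/i,
];

const SELF_XSS_PATTERNS = [
  /\b(copy|paste)\b[^.!?]{0,40}\b(code|script|text)\b/i,
  /\bpress (f12|ctrl\s*\+\s*shift\s*\+\s*[jik])\b/i,
  /\b(developer|javascript) console\b/i,
  /\bjavascript:/i,
  /\b(address|url) bar\b/i,
];

// Score one piece of text. Self-XSS is only flagged when at least two distinct
// indicators hit (a paste instruction plus a developer surface), because a lone
// "paste this text" is ordinary chain-letter noise, not a console lure.
function scoreLure(text) {
  const reasons = [];
  let shareBait = 0;
  let selfXss = 0;
  for (const re of SHARE_BAIT_PATTERNS) {
    if (re.test(text)) { shareBait += 1; reasons.push('share-bait: ' + re.source); }
  }
  for (const re of SELF_XSS_PATTERNS) {
    if (re.test(text)) { selfXss += 1; reasons.push('self-xss: ' + re.source); }
  }
  let verdict = 'clean';
  if (selfXss >= 2) verdict = 'self-xss-lure';
  else if (shareBait >= 1) verdict = 'share-bait';
  return { verdict, shareBait, selfXss, reasons };
}

// Constructed sample posts (not real scam text from the page).
const SAMPLE_POSTS = [
  'Share this post to see who viewed your profile today!',
  'Want to change your Facebook colour? Press F12, click Console, and paste the code below.',
  'Happy birthday Sam, hope you have a great day.',
  'Paste your feedback in the comments please.',
  'Copy and paste this text into your status to show support.',
];

function triage(posts = SAMPLE_POSTS) {
  return posts.map((text) => ({ text, ...scoreLure(text) }));
}

// The message a site can print into its own console as a deterrent. Modern
// browser consoles honour the %c directive, so the first argument is rendered
// with the CSS in the second; plain text is returned too for non-CSS sinks.
function selfXssConsoleBanner() {
  const title = 'Stop!';
  const body = [
    'This is a browser feature intended for developers.',
    'If someone told you to paste something here to unlock a feature or',
    'see who viewed your profile, it is a scam. Pasted code runs as you,',
    'inside your logged-in session.',
  ].join('\n');
  return {
    format: '%c' + title + '\n%c' + body,
    args: ['color:red;font-size:40px;font-weight:bold', 'font-size:16px'],
    text: title + '\n' + body,
  };
}

// Stand-alone run: print the triage table and the banner.
if (typeof require !== 'undefined' && require.main === module) {
  for (const r of triage()) console.log(r.verdict.padEnd(14), r.text);
  const b = selfXssConsoleBanner();
  console.log(b.format, ...b.args);
}
```

The two-indicator threshold for self-XSS is the design point worth noting: the last sample ("copy and paste this text into your status") trips the paste pattern alone and stays `clean`, while the F12-plus-paste instruction is flagged, which keeps the heuristic from drowning moderators in ordinary chain-letter posts.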