Facebook users tempted to snoop on their friends' accounts by hacking into them should really think twice, especially when they come across a site offering such services.
Security researcher Joshua Long said the "Hack Facebook" site "works" indeed—but it is the user who wants to hack other accounts who ends up having his or her own account hacked instead.
"(T)he site tricks wannabe hackers into sending texts to a premium SMS number (81073), which leads to charges on their next phone bill. The site may also collect login details that could later be used to try to hack into the would-be hacker's various online accounts (Facebook or otherwise), and of course once the spammers have your phone number they might also send you text message spam (or sell your number to other spammers)," Long said in a blog post.
A separate post by Long on the blog of security vendor Intego said a link to the site in question is featured in spam emails.
Long said a rough translation of the site indicates the site can help a user get the target account's password.
Those who fall for the site are taken to a web page that asks them to send two SMS messages to a number to get codes that will let them pay and continue with the alleged hack.
"Texting this number may also result in an attempt to automatically bill you through your cell phone service provider. A Google search for SMS 81073 reveals complaints on several French-language forums in which users claim to have been charged about €4.50 per text message. Evidently, 81073 is an example of what’s known as a 'premium SMS' or 'premium messaging' number," Long said.
"So the moral of the story is that you should never trust sites that claim to let you hack into someone’s account (or, for that matter, any sites that are advertised via spam)," he added. — TJD, GMA News