Self-inflicted XSS
Just an example of a decidedly original scam, which mixes XSS and social engineering.
Ever checked out your dev tools while on Facebook? If you do, you’ll probably see something like this, but in English, with a link to a detailed explanation.
Rough translation: Stop! This section is for developers. If someone told you to copy and paste something here to enable a feature or to “pirate” someone’s account, it’s a trick. If you do, this person may hijack your account.
Scammers using the prospect of “pirating someone’s account” as bait is very fitting. You almost have to admire the simplicity, in the same way you have to admire how Russia recently pulled off the most devastating hack in history. All they did was send emails to government employees asking them to enter their passwords into a form…
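A site can print a console warning like the one translated above from its own page script. The sketch below is an added example, not Facebook's code. Its function names, French wording and styling are assumptions. It picks the message from the browser's language list and styles it with `console.log`'s `%c` directive.

```javascript
// Added example: a self-XSS warning for the dev console, shown in the user's language.
// Names, styling and the French string are constructed for illustration.
const MESSAGES = {
  en: {
    title: "Stop!",
    body: "This section is for developers. If someone told you to copy and paste " +
          "something here to enable a feature or to \"pirate\" someone's account, " +
          "it's a trick. If you do, this person may hijack your account.",
  },
  fr: {
    title: "Arrêtez !",
    body: "Cette section est réservée aux développeurs. Si quelqu'un vous a demandé " +
          "de copier-coller quelque chose ici, c'est une arnaque.",
  },
};
const TITLE_STYLE = "color:red;font-size:48px;font-weight:bold";
const BODY_STYLE = "font-size:18px";

// Map a list of language tags (e.g. navigator.languages) to a supported language.
// "fr-CA" falls back to "fr"; anything unknown falls back to "en".
function pickLocale(preferred) {
  for (const tag of preferred || []) {
    const base = String(tag).toLowerCase().split("-")[0];
    // Own-property check so tags like "constructor" never hit the prototype chain.
    if (Object.prototype.hasOwnProperty.call(MESSAGES, base)) return base;
  }
  return "en";
}

// Build the console.log argument list: each "%c" applies the next CSS string
// to the text that follows it.
function buildSelfXssWarning(preferred) {
  const msg = MESSAGES[pickLocale(preferred)];
  return [`%c${msg.title}\n%c${msg.body}`, TITLE_STYLE, BODY_STYLE];
}

// Print the warning once per page load. `con` is injectable so it can be tested.
let shown = false;
function showSelfXssWarning(preferred, con = console) {
  if (shown) return false;
  shown = true;
  con.log(...buildSelfXssWarning(preferred));
  return true;
}

// Runs only in a browser page, not under Node.
if (typeof window !== "undefined") showSelfXssWarning(navigator.languages);
```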