@Piru
As I said she told me she hasn't provided her login details to anybody, and she is aware of phishing emails and doesn't respond to them. I was asking Karlos how the cross-site scripting attacks work.
Facebook has been a breeding ground for such attacks for a while. I believe Twitter too has had its fair share.
For them to work, you need only browse an infected page as I understand it.
In the end it was their proliferation on Facebook that caused me to delete my account with them. It just felt like tempting fate too much.
Sorry to hear your sister has had issues.