How Hackers can hack someone’s Facebook account
Hacking Facebook is one of the most searched and hot topics around the Internet.
Hackers can hack someone’s Facebook account easily in just a few minutes, the most successful
method among all of these techniques is Phishing, it enables someone with no or little technical
knowledge to hack account’s password easily in just a few minutes.
I suggest you to read the techniques listed below carefully!
PHishing Attacks
Phishing is the most common technique used for hacking FB passwords. It is very easy
for someone who is having little technical knowledge to get a phishing page done. That
is why phishing is so popular. Many people have become a victim of Phishing page due
to its trustworthy layout and appearance.
1. How does phishing works
In simple words, phishing is a process of creating a duplicate copy of the reputed
website’s page with the intention of stealing user’s password, or other sensitive
information like credit card details. In our topic, it means creating a page which
perfectly looks like FB login page but in a different URL that pretends to be legit. When
a user lands on such a page, he/she may think that is the real Facebook login page,
asking him/her to provide his/her username and password. So, the people who do not
find phishing page suspicious are going to enter their username & password. The
password information will be sent to the hacker who created the phishing page. At the
same time, the victim gets redirected to original FB page.
. The Hacking part
The username and password of Target is sent to Attacker. Target is redirected to a
money-making tips page which was created by Attacker.
That’s all, Target’s Facebook account is hacked.
Plain Password Grabbing
Most people are unaware of this method, but traditional hackers use this method to hack
user accounts.
1. How does plain password grabbing works?
In this method, the Facebook hacker targets a particularly low-quality website, where the
victim is a member and hacks their database to get the stored plain username & password
of victim.
How could the hacker/attacker get access to Facebook?
Many of us use the same password for FB and also for some poor Websites. So, it is easy for
a hacker to get your password through the low-quality Websites.
In another scenario, the hacker/attacker creates a website with the intention of getting
victim’s password, so when the victim registers his/her account using email and creates a
password, those details will get stored in the database of the hacker/attacker. Thus, hacker
gets access to victim’s account.
Keylogger
A keylogger is a software tool used to record keystrokes on a computer or mobile device.
This, in turn, records everything you type using your keyboard and store it for
use. Generally, keyloggers are installed as application software in operating systems to
track keystrokes, but there are hardware keyloggers as well.
1.How keylogger works
All keyloggers run in the background (except trial versions) and won’t be viewable to users
until you know the keylogger password and shortcut used to view it. It will record all the
keys pressed and give you a detailed report of when and what keys are used for what
application – Simply, a clean report to identify passwords.
Anyone who is reading the keylogger logs is able to see the Facebook password or any
passwords and sensitive information typed, like credit cards, bank username, password
etc. Whenever you log in to a public computer, there are chances to lose your Facebook
password to someone else.
Hardware keyloggers are identifiable in case of your personal computer but are hard in
case of public computers.
In another scenario, your friend/colleague/neighbor could ask you to log in using their
computer as a help. If their intention is to get your password, then you are most likely to
lose your Facebook account to the hacker.
Nowadays, many people are using mobile keyloggers. It enables to track the keypad of
mobile. So, any sensitive information typed on the mobile keypad is vulnerable to hacking.
Malicious Application Hack
Always remember that all the apps you use on Facebook are owned by third-party
publishers and not by Facebook. Of course, there are a few exceptions like Instagram. A
malicious application, which is requesting your permission, will do almost all kind of spam
stuff on your Facebook profile.
How malicious application hacks works
Whenever you find Login using the Facebook, you should come to know that it is a third-
party application not owned by Facebook. When you click Login using Facebook, you will
be shown a permission dialog box with the requested permission details.
What can a third-party application do on your Facebook account?
• Post photos and status update
• Share link to your timeline or to any group you belong
• Manage your page
• Post on behalf of you on the Facebook pages you own
• Access your personal information
• Access your photos including “Only me” privacy photos; sometimes they can further
access your mobile photos using a Facebook
Self XSS Scam
Self XSS is also known as Self Cross Site Scripting. XSS is basically a web security
vulnerability, which enables hackers to inject scripts into web pages used by other users.
It’s a kind of social engineering attack, where a victim accidentally executes a script, thus
exploiting it to the hacker.
How does self XSS scam Works?
In this method, hacker promises to help you hack somebody else’s FB account. Instead
of giving you access to someone else’s account, the hacker tricks you into running malicious
JavaScript in your browser console that gives a hacker the ability to manipulate your
account. Facebook hackers use this technique to add you in groups, add your friends to the
group, post on your wall, add your friends in comments etc.
Conclusion
The techniques above are a concept of only few commonly used
Techniques of Hacking Facebook account, there are still plenty of other
techniques that hackers discover in ZeroDay Facebook as bugs that
appears in old browser versions, applications & Scripts etc…