How Your Facebook Was Hacked And How To Secure Yourself

You will find numerous posts about Facebook account compromise, but none will be as elaborate and straight to action as this. Facebook is the largest social platform, with over 2 billion users. It is better described as another world of its own, and you have no idea how useful your Facebook account will be to a hacker. Once a hacker has access to your Facebook account, he will manipulate his way into luring your friends to give out their own details while posing as you. We will take it all step by step: I will show you just how hackers take control of your Facebook account, what they use it for, and how you can secure yourself.


A hacker may use a compromised Facebook account for any of the following:

  • To send more spam bait messages to your friends and get their login details too
  • To pose as an impostor and trick people into giving out money, thinking they are paying the right person
  • To pose as an online vendor and trick people into paying money for undelivered goods
  • To lure people into giving out their personal information
  • To convert your Facebook account into a scam page and use it to defraud naive users
  • Etc.; this list goes on and on
As you can see, there are unlimited ways to use a Facebook account; no wonder Facebook has been rolling out a series of security measures to control spamming.

Apart from a data breach, which involves an attacker exploiting a weakness on the Facebook server side, there is only one way for a hacker to get access to your Facebook account: you gave them your password, or they guessed it right! Now let's look at a typical scenario of Facebook hacking.


How To Hack Facebook

We are going to use phishing and social engineering for this hack. Although key-logging and RATting also work, they will be discussed under a different topic. So let's get started.

First we need to make a replica site of Facebook with a back-door. We can social engineer the targets into visiting our fake page (which looks exactly like the real Facebook), and once they log in, saam!! We get their details in a log file in the file manager of our host. Simple? Nah, not if you don't have some coding or hacking ideas, but let's break it all down. Shall we?
  • First you need a web host. There are many free web hosting sites, so you may want to visit one and create an account. My favorite for this is 000webhosting. Go ahead and visit the site and sign up. If you want to achieve greater results on this hack, then buying your own host and domain would be ideal, but free hosting still works fine for this test.
  • Now that you have a hosting platform, it's time to upload your files, so let's go ahead and clone Facebook. There are three ways to do this:
1) you code it yourself,
2) you steal the source code and hack it for what you want, or
3) you use a phishing software.

For this example, we will be using the simplest of the three, which is the 3rd way. Simply download the phisher page creator from HERE. Extract the files and run the PBMKR application. Enter the Facebook address in the Target Url field, enter the redirect page and hit create. This will generate a PHP file equivalent of Facebook which will log captured information to a log file, as you can see in the picture below.
Target Page: The URL of the site you want to clone (which is http://www.facebook.com)
Redirect Page: The page you want the target to be redirected to after they submit their details.
Fetch Method: The name of the file you want the captured data to be saved to. You can leave it for an automated name.
When you hit create, you will be prompted to name the file you are about to generate. This is usually index.php. After the application has cloned the page, it will be saved on your desktop. This is the fake Facebook page which you will upload on the internet for your targets to access.


  • Now let's go ahead and upload the generated PHP file. Visit your web host and locate the file manager. Upload the PHP file to the public directory. Visit your page in a browser with the address and you are sure to see a replica of Facebook with the address bar as the only difference! Go ahead and enter your information and see it get captured and saved in the public folder with the designated name. Open the txt file and you will see your information as you entered it.

  • Notice how it looks exactly like Facebook? When you send this link to people and they visit it, once they enter their login details, it's all yours!

How to get people to visit your link?

Now you may be wondering how people can be hacked with the above page. So let's get down to that.

Social Engineering

Social engineering is a very old, efficient psychological approach that involves manipulating people's current or past natural situation to lure them into doing something. Let's see a situation in which we can deploy social engineering to gather information about a group of people on Facebook, and attempt to manipulate them into doing what we want on the phishing page.



Social Engineer For Facebook Hack

Take these easy steps to launch a powerful phishing campaign:
  • Open your Facebook page and type in, say, "soccer tips" in the search box.
  • Navigate to the group section of the returned answers.
  • Now request to join some of the groups that are into soccer tips and betting tips.
  • When accepted, join and familiarize yourself with the group; also make some new friends.
  • Now is the time to launch your attack. Be careful and don't overdo this, to avoid being banned by Facebook for spamming. Locate a fresh popular post on the group and share your link with the caption "hey guys, i found this soccer tips group that is 100% correct, look I won big last night, feel free to visit and sign in to join". You can attach a picture of some dollar bills just to make it look catchy; you'd be surprised how effective this is. You will have a lot of people fall for this. For a better result, you can send the link one by one to the new friends you made who share the same interest.
Now you see how it works? Let's go ahead and see how to secure your Facebook from attackers.

How To Secure Your Facebook


Apart from the advanced ways we are going to discuss here, the best way to secure your Facebook is simple: Do not follow any unknown link!
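
The address bar is the one thing a cloned login page cannot copy, so the host of a link is what a reader, or a mail or chat filter, should check before any password is typed. The sketch below is an added example, not code from the original post; the trusted-domain list, the function name and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain the user means to log in to.
TRUSTED_DOMAINS = ("facebook.com",)

# Constructed sample links for illustration.
SAMPLE_LINKS = [
    "https://www.facebook.com/login",
    "http://www.facebook.com/login",
    "https://facebook.com.login.example.net/",
    "https://www.facebook.com@login.example.net/",
    "https://notfacebook.com/index.php",
    "https://f\u0430cebook.com/login",  # Cyrillic "a" in place of Latin "a"
]


def check_login_url(url):
    """Return (trusted, reason) for a link that leads to a login form."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        has_userinfo = parts.username is not None
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if not host:
        return False, "no host"
    if has_userinfo:
        # The text before "@" is login credentials, not the host; the real host follows it.
        return False, "userinfo before the host"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "non-ASCII or punycode host"
    for domain in TRUSTED_DOMAINS:
        # Compare from the right: the domain itself or a true subdomain of it.
        if host == domain or host.endswith("." + domain):
            return True, "host is " + domain
    return False, "host is not a trusted domain"


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        trusted, reason = check_login_url(link)
        print(("OK    " if trusted else "BLOCK ") + link + "  (" + reason + ")")
```

Only the first sample link passes; the check reads the host from the right-hand side, which is why a page title, logo or a "facebook.com" prefix in the link does not count.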
