Facebook is the most widely used social networking site with more than 1.5 billion users, which makes it a huge target for hackers. In this topic we will show you the top 10 methods used by hackers to hack Facebook accounts and how you can protect yourself against these cyber crooks.
Phishing is still the most common type of attack used for hacking Facebook accounts. There are several strategies for carrying out a phishing attack. A basic attack works like this: a hacker makes a fake login page which precisely resembles the genuine Facebook page. An email is sent asking the victim to log in to that page. Once the victim logs in through the fake page, the victim’s “Email Address” and “Password” are stored in a text file. The hacker then downloads the text file and gets his hands on the victim’s credentials.
Keylogging is the easiest way to hack a Facebook password. Keylogging sometimes can be so dangerous that even a person with good knowledge of computers can fall for it.
A keylogger is basically a small program which, once installed on a victim’s computer, records everything the victim types on his/her computer. The logs are then sent back to the attacker either by FTP or directly to the hacker’s email address.
There are two methods of keylogging:
Software Keylogger – Runs on the computer operating system.
Hardware Keylogger – Device connected to the keyboard.
Almost 80% of people use passwords stored in their browser to access Facebook. This is very convenient for you, but can be extremely dangerous, as stealers can easily access the saved passwords stored in the browser.
How to combat Facebook hacking via stealers:
Use a password manager: Password managers automatically fill out important forms without you having to type anything in, and keep your password safe.
Avoid saving passwords on browsers: When the “remember password” prompt comes up and you are not at your own computer, click on the “not now” button.
Session hijacking can be very dangerous if you are accessing Facebook over an http:// connection. In a session hijacking attack, a hacker steals the victim’s browser cookie, which is used to authenticate the user on a website, and uses it to access the victim’s account. Session hijacking is widely used on LANs.
How to combat session hijacking?
Use a Firefox add-on called Force TLS or, if you use Chrome, KB SSL Enforcer. Both will automatically redirect you to the secured pages of the sites you visit.
Side Jacking / Fire Sheep
Sidejacking is a popular method for hacking Facebook and email accounts. It’s the process of stealing someone’s access to a website, typically done on public wireless networks. Firesheep is widely used to carry out sidejacking attacks and works when the attacker and victim are on the same WiFi network. A sidejacking attack is basically another name for HTTP session hijacking, but it’s more targeted towards WiFi users.
How to combat Side Jacking?
Install a free Firefox add-on called Force TLS or if you use Chrome, install KB SSL Enforcer. Both will automatically redirect you to secured pages for the sites that you choose.
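The session hijacking and sidejacking sections above both come down to a session cookie travelling over plain http://. The following check is an added example, not part of the original article: it audits a site's response headers for the settings that keep cookies off unencrypted connections. The sample headers and the `MIN_HSTS_AGE` threshold are constructed assumptions.

```python
# Added example: audit response headers for the defences against cookie theft.
# SAMPLE_RESPONSE is constructed for illustration, not captured from a real site.
SAMPLE_RESPONSE = [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Strict-Transport-Security", "max-age=300"),
]

MIN_HSTS_AGE = 15552000  # 180 days; an assumed policy threshold


def parse_cookie(value):
    """Return (name, set of lowercase attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs


def hsts_max_age(value):
    """Extract max-age from a Strict-Transport-Security value, or None."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age" and val.strip('"').isdigit():
            return int(val.strip('"'))
    return None


def audit(headers):
    """Return findings that leave session cookies exposed on plain HTTP."""
    findings = []
    hsts = None
    for key, value in headers:
        if key.lower() == "set-cookie":
            name, attrs = parse_cookie(value)
            if "secure" not in attrs:
                findings.append(f"cookie {name}: no Secure flag, sent over http://")
            if "httponly" not in attrs:
                findings.append(f"cookie {name}: no HttpOnly flag")
        elif key.lower() == "strict-transport-security":
            hsts = hsts_max_age(value)
    if hsts is None:
        findings.append("no HSTS header: browser may still use http://")
    elif hsts < MIN_HSTS_AGE:
        findings.append(f"HSTS max-age {hsts} is below {MIN_HSTS_AGE}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSE):
        print(finding)
```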
Mobile Phone Hacking
Millions of Facebook users access Facebook through their mobile phones. If the hacker can gain access to the victim’s mobile phone, then he can probably gain access to his/her Facebook account. There are lots of mobile spying programs used to monitor a cellphone.
How to combat Facebook Mobile Phone Hacking?
Confirm your mobile number: Confirming your mobile number is one of many ways to enhance your account security on Facebook. This way, even when you lose or forget your password, Facebook will be able to send you a new one via SMS.
Code generator for Android phones: If you use an Android phone, you can set up an extra layer of security by having to enter a code every time you access Facebook through the app.
If an attacker has physical access to your computer, he/she could insert a USB stick that is programmed to automatically extract the passwords saved in the browser.
How to combat USB hacking?
Do not leave your laptop unattended.
Install software that tells your computer not to accept unrecognized devices.
Man in the middle attack
If the victim and attacker are on the same LAN and on a switch-based network, a hacker can place himself between the client and the server, or he could act as the default gateway and capture all the traffic in between.
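From the defender's side, a host impersonating the default gateway usually shows up in the local ARP table as one MAC address answering for more than one IP. The following detection check is an added example, not part of the original article; the `arp -an` style output and all addresses in it are constructed.

```python
import re
from collections import defaultdict

# Constructed `arp -an` style output; every address here is made up.
SAMPLE_ARP = """\
? (192.168.1.1) at aa:bb:cc:0:0:5 on en0 ifscope [ethernet]
? (192.168.1.23) at aa:bb:cc:00:00:05 on en0 ifscope [ethernet]
? (192.168.1.40) at aa:bb:cc:00:00:09 on en0 ifscope [ethernet]
? (192.168.1.77) at (incomplete) on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
"""

ENTRY = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ([0-9a-fA-F:]{11,17})")
BROADCAST = "ff:ff:ff:ff:ff:ff"


def normalize(mac):
    """Lowercase and zero-pad each octet (some systems print 0:0:5)."""
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))


def parse_arp(text):
    """Map IP -> normalized MAC; incomplete entries are skipped."""
    return {m.group(1): normalize(m.group(2)) for m in ENTRY.finditer(text)}


def shared_macs(table):
    """Return MACs that answer for more than one IP (broadcast excluded)."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        if mac != BROADCAST:
            by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_alerts(table, gateway_ip, known_mac=None):
    """Flag a gateway entry that changed MAC or shares its MAC with a peer."""
    mac = table.get(gateway_ip)
    if mac is None:
        return [f"{gateway_ip} has no ARP entry"]
    alerts = []
    if known_mac and mac != normalize(known_mac):
        alerts.append(f"gateway MAC is {mac}, expected {normalize(known_mac)}")
    twins = [ip for ip in shared_macs(table).get(mac, []) if ip != gateway_ip]
    if twins:
        alerts.append(f"gateway MAC {mac} also answers for {', '.join(twins)}")
    return alerts


if __name__ == "__main__":
    print(gateway_alerts(parse_arp(SAMPLE_ARP), "192.168.1.1", "aa:bb:cc:00:00:01"))
```

A shared MAC is a signal to investigate rather than proof: multi-homed hosts and proxy ARP produce the same pattern legitimately.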
Botnets are not commonly used for hacking Facebook accounts, mainly because of their high setup cost. They are used to carry out more advanced attacks. A botnet is basically a collection of compromised computers. The infection process is the same as for keylogging; however, a botnet gives the attacker additional options for carrying out attacks with the compromised computers. Some of the most popular botnets include Spyeye and Zeus.
If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack to replace the original facebook.com page with his own fake page and hence get access to the victim’s Facebook account.
Ways to protect your facebook account from hackers:
- Use a firewall: Keyloggers usually send information through the internet, so a firewall will monitor your computer’s online activity and sniff out anything suspicious.
- Password Manager: Keyloggers can’t steal what you don’t type. Password managers automatically fill out important forms without you having to type anything in.
- Strong Password: Use lowercase and uppercase letters, numbers and keyboard characters in your password.
- 12+ Size Matters: A password of 12 characters in length with numbers, letters and characters will take on average 2 years to crack. Go for length over complexity.
- Change Password: Change your password every 3 months. This goes for all of your passwords and not just your facebook one. Set a reminder on your calendar.
- Avoid Remember Password: Very important if you’re not using your own computer. When the “remember password” prompt comes up and you are not at your own computer, click on the “not now” button.
- Login Alerts: Facebook can send you an alert when someone logs into your account from a new device or browser. You can get login alerts via Facebook notifications, email or text messages.
- Activate Login Approvals: This gives your account an extra level of security by requesting a security code when you log in. To set up Login Approvals, click on the word “Edit” to the right of “Login Approvals”, then click on “Get Started” to begin the setup wizard.
- Browsers and Apps: Click on “Edit” to the right of “Your Browsers and Apps” to see which browsers you have saved as ones that you often use. If you see something on that list that doesn’t belong, click “Remove”, then “Save Changes”.
- Caution with friend requests: Don’t accept friend requests from people you don’t know. Scammers can create fake accounts and friend people. Once they’ve friended you, they can spam your timeline, tag you in posts, send you malicious messages and even target your friends.