Hacking Facebook Scam: yes, that is the title of today's tutorial. It sounds strange and uncommon, but the fact is that some people use Facebook scams for their own benefit.
What kind of benefit do people get from running a Facebook scam? It's all about traffic and marketing: with this scam method, the attacker can drive a massive number of Facebook likes, promote a product or website link, or earn some cash by redirecting users to a survey website.
What is a scam? According to Wikipedia:
Scam is an attempt to defraud a person or group after first gaining their confidence. A confidence artist (or con artist) is an individual, operating alone or in concert with others, who exploits characteristics of the human psyche such as dishonesty, honesty, vanity, compassion, credulity, irresponsibility, naïveté, or greed.
A scam always relates to human psychology, and the aspect most commonly used by scammers on Facebook is curiosity.
Actually, I wanted to write about this Facebook scam a long time ago, when the "who viewed your profile" application was booming on Facebook and most of your friends recommended this stuff :-). I still find this kind of attack nowadays, and two days ago I got this picture on my Facebook home wall (sorry for the pr0n picture).
If we look at the picture above (there is a "commented on a link"), the attacker utilizes the Facebook comments plugin from this URL: https://developers.facebook.com/docs/reference/plugins/comments/
Requirements:
1. HTML, CSS and Javascript knowledge.
2. Facebook comments plugin from the developer page
1. Learn how to create a website link preview on Facebook from this tutorial about Hacking Facebook using social engineering method.
2. Once we know the logic behind making a link preview on Facebook, here is the preview of the result the attacker expects when a user visits the link.
The attacker created a YouTube look-alike website, but I will not explain the website cloning part.
If you look at the picture carefully, there is also another, transparent button on top of the submit button. 🙂
The transparent button in the picture is the button of the Facebook comments plugin; with a little modification, the attacker covers all the unneeded parts of the real Facebook comments plugin with his own interface.
3. The attacker also puts this JavaScript code on the first line of the fake page.
The purpose of that script is to block all access from the specified city and redirect requests from that city directly to youtube.com (to prevent/delay Facebook's investigation process).
4. This is the preview of the attacker's fake page.
5. When the victim visits the attacker's fake page, inputs the code and clicks the submit button, here is the preview on the victim's Facebook profile page.
Everyone who is interested in that link and visits it will spread the URL automatically.
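A defensive check for the transparent-button trick described in the steps above, as an added example that is not part of the original tutorial: it scans page markup for iframes whose inline style makes them nearly invisible. The sample markup, the host names and the 0.1 opacity threshold are assumptions made for illustration.

```javascript
// Added example, not the original page's code. Flags <iframe> tags whose inline
// style makes them effectively invisible, the trait of the transparent button.
const OPACITY_LIMIT = 0.1; // assumption: below this a frame counts as hidden

// Constructed sample markup; hosts and paths are placeholders.
const SAMPLE = `
<div id="player"><button>Submit</button>
<iframe src="https://social-plugin.example.test/comments"
        style="position:absolute; top:310px; opacity:0.01; z-index:9"></iframe></div>
<iframe src="https://video.example.test/embed/1" style="width:560px"></iframe>`;

// Turn an inline style string into a { property: value } map (lower-cased).
function parseStyle(style) {
  const out = {};
  for (const decl of style.split(';')) {
    const i = decl.indexOf(':');
    if (i > 0) out[decl.slice(0, i).trim().toLowerCase()] = decl.slice(i + 1).trim().toLowerCase();
  }
  return out;
}

// Read one quoted attribute value from a raw tag string ('' when absent).
function attr(tag, name) {
  const m = tag.match(new RegExp('\\s' + name + '\\s*=\\s*(?:"([^"]*)"|\'([^\']*)\')', 'i'));
  return m ? (m[1] !== undefined ? m[1] : m[2]) : '';
}

// Return one finding per iframe that is near-transparent via opacity or IE filter.
function findHiddenFrames(html) {
  const findings = [];
  for (const m of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const css = parseStyle(attr(m[0], 'style'));
    const reasons = [];
    const opacity = parseFloat(css.opacity);
    if (!Number.isNaN(opacity) && opacity < OPACITY_LIMIT) reasons.push('opacity ' + opacity);
    const alpha = /alpha\(opacity\s*=\s*(\d+)\)/.exec(css.filter || '');
    if (alpha && Number(alpha[1]) < OPACITY_LIMIT * 100) reasons.push('filter alpha ' + alpha[1]);
    if (reasons.length === 0) continue;
    const src = attr(m[0], 'src');
    let host = '(no src)';
    if (src) {
      try { host = new URL(src, 'https://page.invalid/').hostname; } catch (e) { host = '(bad src)'; }
    }
    const positioned = css.position === 'absolute' || css.position === 'fixed';
    findings.push({ host, positioned, reasons });
  }
  return findings;
}

console.log(findHiddenFrames(SAMPLE));
```

The scan only sees inline styles; transparency applied through a stylesheet or script needs the same check run against computed styles in a rendered page.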
Here is the video preview:
Conclusion:
1. Look carefully at the URL when you see a link on your Facebook home timeline. If you are not sure about the link, you can open it in another browser that is not logged in to Facebook.
2. I am still preparing the code for download; follow our Facebook page https://www.facebook.com/computer.hacking.tutorial for news updates.