Type : Tutorial
Level : Medium
Attack Type : Social Engineering
More than 70% of people in this world know about Facebook, the largest social network website. Some Facebook users even call themselves Facebook addicts, feeling that something is missing from their life if they haven't opened Facebook for a day.
Nowadays the number of internet users is growing very rapidly, but some of them don't know how to secure themselves on the internet, or at least how to notice when something abnormal happens on a website they visit.
I've already written other tutorials related to Facebook hacking:
Today I will write a simple tutorial about Facebook hacking using the social engineering method. It's not a full tutorial, but at least you can understand how an attacker carries out this type of attack, so you can be aware of it :-).
I ran into this type of attack when one of my friends on Facebook (his FB account was hacked by someone) sent me a link that took me to a fake FB page.
If I had to rate this type of attack, I would give it 8 out of 10 because of its feasibility to harvest username + password directly and fast, thanks to its ability to deceive users (especially users who only know how to use the internet and are not aware of security).
I'm talking too much LoL 😛 … okay, let's prepare and see the logic of how an attacker targeting Facebook users does this
1. A fake Facebook page (see my other tutorials + Facebook offline file: http://www.hacking-tutorial.com/hacking-tutorial/hacking-facebook-using-man-in-the-middle-attack/ and http://www.hacking-tutorial.com/hacking-tutorial/5-steps-how-to-hack-facebook-account-password/)
2. Web hosting place
1. Create the fake page first (you can improve this fake page yourself 😀)
2. Next, the attacker creates an eye-catching link to entice other users to click the fake link. The picture below is only an example… when you put a link in a Facebook status, Facebook automatically grabs your webpage + the thumbnails on your webpage.
How does the attacker make the link more interesting when sharing the fake Facebook link?
-). They can add this:
<meta name="description" content="http://fakeurl.myfakewebsite.com was created for you to change your facebook profile much more responsive and have a better look by adding some background image, etc. Choose your facebook profile skin now for free..." />
That meta description will appear as the description of the link.
-). They also add this code:
<div style="position:fixed; top:-1000px; left:-1000px;"> <img src="images/fb1.jpg" /> <img src="images/fb2.jpg" /> <img src="images/fb3.jpg" /> </div>
so that the images do not appear when a user accesses the fake page (http://fakeurl.myfakewebsite.com), but Facebook can still crawl the thumbnails from the attacker's fake page… so the attacker can choose which thumbnails are displayed when sharing the link.
3. When a user is interested and decides to visit the attacker's fake Facebook page,
4. They will feel that they're doing something with their profile,
5. If the user's credentials are successfully stored in the attacker's database, the user is then redirected to the Facebook page by a simple script like:
<meta http-equiv="refresh" content="4;url=http://facebook.com/">
6. If the credentials are not successfully stored in the database, the user is asked once again to input their credentials.
Here's the video (sorry for the bad quality) 🙂: video will come soon (I'm having trouble uploading to YouTube here 😛)
Update: I made some changes to this Facebook social engineering method; you can view the updated version in this post about Hack Facebook Password Social Engineering.
1. If you are already logged in to your Facebook account and an application/link/etc. asks for your credentials, do not believe it.
2. Look carefully at the URL in the address bar.
3. If you have already entered your credentials there, change your password as fast as possible.
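The page markers described above (images pushed off-screen for the link thumbnail, a password field, and a meta refresh that hands the visitor to a different host) can also be checked for automatically. This is an added example, not code from the original post: a Python heuristic scanner in which the names `scan`, `LureScanner` and the constructed `SAMPLE` page are assumptions for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Heuristic: an element pushed far off-screen with a large negative offset.
OFFSCREEN = re.compile(r"(?:top|left)\s*:\s*-\d{3,}px", re.I)
VOID = {"img", "meta", "input", "br", "hr", "link"}  # tags with no closing tag

class LureScanner(HTMLParser):
    """Collects the three page markers described in the tutorial."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = set()
        self.stack = []  # one flag per open element: is it positioned off-screen?

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "img" and any(self.stack):
            self.findings.add("offscreen-thumbnail")
        if tag == "input" and a.get("type", "").lower() == "password":
            self.findings.add("password-field")
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\"\s;]+)", a.get("content", ""), re.I)
            host = (urlparse(m.group(1)).hostname or "") if m else ""
            if host and host != self.page_host:  # redirect leaves the serving host
                self.findings.add("refresh-to:" + host)
        if tag not in VOID:
            self.stack.append(bool(OFFSCREEN.search(a.get("style", ""))))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

def scan(html, page_host):
    s = LureScanner(page_host)
    s.feed(html)
    return sorted(s.findings)

# Constructed sample page reusing the snippets quoted in the article.
SAMPLE = """<html><head>
<meta http-equiv="refresh" content="4;url=http://facebook.com/">
</head><body>
<div style="position:fixed; top:-1000px; left:-1000px;"> <img src="images/fb1.jpg" /> </div>
<form><input type="text" name="email"><input type="password" name="pass"></form>
</body></html>"""

if __name__ == "__main__":
    print(scan(SAMPLE, "fakeurl.myfakewebsite.com"))
```

A page that is not served from facebook.com yet shows all three findings together deserves a closer look; each finding alone also occurs on legitimate pages.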