Hacking Facebook User With Social Engineering Method.

Type : Tutorial
Level : Medium
Attack Type : Social Engineering
Roughly 70% or more of the people in this world know about Facebook, the largest social network website. Some Facebook users even call themselves Facebook addicts, feeling that something is missing from their lives if they don't open Facebook for a day.
Nowadays the news reports that the number of internet users is growing very rapidly, but some of those users don't know how to protect themselves on the internet, or at least how to recognize when something abnormal happens on a website they visit.
I've already written other tutorials related to Facebook hacking:


Today I will write a simple tutorial about Facebook hacking using the social engineering method. It is not a full tutorial, but you can at least understand how an attacker carries out this type of attack, so that you can also be aware of it :-).
I came across this type of attack when one of my friends on Facebook (his FB account was hacked by someone) sent me a link that brought me to a fake FB page.
If I could rate this type of attack, maybe I would give it 8 out of 10 because of its feasibility for harvesting a username + password directly and fast, thanks to its ability to deceive users (especially users who only know how to use the internet and are not aware of security).
I'm talking too much LoL 😛 …okay, let's prepare and see the logic of how the attacker does this to Facebook users

Requirement :

1. Facebook fake page (see my other tutorial)
2. Web hosting place

Step by Step :

1. Create the fake page first (you can improve on this yourself when creating the fake page 😀 )
2. Next, the attacker creates an eye-catching link to entice other users to click the fake link. The picture below is only an example… when you put a link in a Facebook status, Facebook automatically grabs your web page and the thumbnails on it.
How does the attacker make the link more interesting when sharing the fake Facebook link?
-). They can add this:
<meta name="description" content="http://fakeurl.myfakewebsite.com was created for you to change your facebook profile much more responsive and have a better look by adding some background image, etc. Choose your facebook profile skin now for free..." />
That meta description will appear as the description.
-). They also put in this code:
<div style="position:fixed; top:-1000px; left:-1000px;">
   <img src="images/fb1.jpg" />
   <img src="images/fb2.jpg" />
   <img src="images/fb3.jpg" />
</div>
to keep the images from appearing when a user accesses the fake page (http://fakeurl.myfakewebsite.com), while Facebook can still crawl the thumbnails from the attacker's fake page… so the attacker can choose the thumbnails to display when sharing the link.
3. When a user becomes interested and decides to visit the attacker's fake Facebook page,
4. They will feel that they're doing something with their profile,
5. If the user's credentials are successfully stored in the attacker's database, the user is then redirected to the Facebook page by a simple script like:
<meta http-equiv="refresh" content="4;url=http://facebook.com/">
6. If the credentials are not successfully stored in the database, the user is asked once again to input their credentials,


Countermeasures :

1. If you are already logged in to your Facebook account and an application/link/etc. asks for your credentials, do not believe it.
2. Look carefully at the URL in the address bar.
3. If you have already entered your credentials there, change your password as fast as possible.
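
Countermeasure 2 can also be automated on the defender's side. The sketch below is an added example, not code from the original post: it scans a page's HTML for the three markers described in the steps above (a password field on a host that is not facebook.com, a meta refresh that forwards to facebook.com, and off-screen images placed only for the link preview). The function name phishing_indicators, the indicator names and the sample markup are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND_HOSTS = ("facebook.com",)  # the brand this article discusses

def _is_brand_host(host):
    host = (host or "").lower()
    return any(host == b or host.endswith("." + b) for b in BRAND_HOSTS)

class _Scan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = set()
        self._hidden_depth = 0  # > 0 while inside an off-screen <div>

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        if tag == "div":
            offscreen = "position:fixed" in style and re.search(r"(top|left):-\d+px", style)
            if self._hidden_depth or offscreen:
                self._hidden_depth += 1
        elif tag == "img" and self._hidden_depth:
            self.findings.add("offscreen-thumbnail-images")
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.findings.add("password-field")
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";\s]+)", a.get("content", ""), re.I)
            if m and _is_brand_host(urlparse(m.group(1)).hostname):
                self.findings.add("meta-refresh-to-brand")

    def handle_endtag(self, tag):
        if tag == "div" and self._hidden_depth:
            self._hidden_depth -= 1

def phishing_indicators(page_url, html):
    """Return sorted indicator names; empty when the brand itself serves the page."""
    if _is_brand_host(urlparse(page_url).hostname):
        return []
    scan = _Scan()
    scan.feed(html)
    return sorted(scan.findings)

# Constructed sample: the markup patterns quoted in this article, one page for brevity.
SAMPLE = """<div style="position:fixed; top:-1000px; left:-1000px;">
<img src="images/fb1.jpg" /></div>
<form><input type="password" name="pass"></form>
<meta http-equiv="refresh" content="4;url=http://facebook.com/">"""
```

A password field on its own is normal for any site with a login form, so treat a single hit as weak. The combination of several indicators on a host outside facebook.com is what deserves a closer look.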
