12 ways to hack someone’s FB account | Prevention and Safety Measures – 2017
1. Trojan Horses
2. Facebook Zero Day
3. Phishing
4. Plain Password Grabbing
5. Malicious Mobile Application
6. Key Logger
7. Browser Vulnerabilities
8. Malicious Facebook Application Hack
9. Facebook Account Hacker Software
10. Browser Extension Facebook Hacker
11. Social Engineering
12. Self XSS
1. Trojan Horses
A Trojan Horse is a malicious program that misleads users about its true intent and is used to spy on and control a computer. A malware Trojan can also be called a Remote Key Logger, since it records the keystrokes typed in all the applications on the computer and sends them to the hacker online.
How does Trojan Horse Facebook hacking work?
Software you think is legitimate might be a Trojan. A PDF you don’t suspect might contain a Trojan. An AVI media file given to you by someone might be a Trojan. The Trojan horse runs as a background process, collects information and sends it to the hacker. A Trojan Horse can be sent in any form through any medium, such as a pen drive, iPod, website, or email. In our topic, the Trojan records the FB password that you type in your browser and sends it to the Facebook hacker over the Internet.
How could you protect yourself from Trojans?
· Do not
o install programs from unknown online sources
o play media files received from an unknown source
o open any kind of files downloaded from untrusted sources
o insert a pen drive received from suspicious people.
· Do have updated anti-virus software installed on your computer.
Having updated anti-virus software does not guarantee that you stay safe from hacking. Basically, anti-virus software relies on a collection of detected malware and viruses; its job is to compare each and every file with that database. There are many tools that make it possible to create undetectable Trojans. But it is very unlikely that a common man will be targeted with an undetectable Trojan. So, having an updated anti-virus program is somewhat protective. Don’t forget to update your anti-virus software once an update is available.
2. Facebook Zero Day
A Zero Day is a security vulnerability that is unknown to the respective software vendor. In our context, undiscovered Facebook vulnerabilities are called Facebook Zero Days.
How does Facebook Zero Day hacking work?
FB Zero Day vulnerabilities are very rare, since Facebook runs a bug bounty program in which security researchers around the world participate and report Zero Day vulnerabilities. A Zero Day is basically a security loophole that FB is unaware of. It can be any hack affecting Facebook. There are two types of people who find Zero Day vulnerabilities. The first are security researchers and bug hunters, who responsibly disclose the vulnerability to the software vendor, FB in our context. The others fall on the evil side: black hat hackers who find Zero Day vulnerabilities don’t disclose them to Facebook and use them for their personal benefit. A few high-severity vulnerabilities discovered in the Facebook bug bounty program are listed below.
· Remote Code Execution in Facebook Server
· Hacking any FB account using Phone Number
· Facebook account hack using legacy API
· FB account hack using brute force method
· Deleting any Facebook photos
How could you protect yourself from a Zero Day found by a hacker?
You need not be afraid of a Zero Day vulnerability affecting FB. As I have said earlier, Zero Day vulnerabilities are very rare. In most cases, Zero Day vulnerabilities are targeted only at influential people and celebrities. It is rare to target a common man using a Zero Day vulnerability.
3. Phishing
Phishing is the most common technique used for hacking FB passwords. It is very easy for someone with little technical knowledge to get a phishing page made. That is why phishing is so popular. Many people have become victims of phishing pages because of their trustworthy layout and appearance.
How does phishing work?
In simple words, phishing is the process of creating a duplicate copy of a reputable website’s page with the intention of stealing the user’s password or other sensitive information such as credit card details. In our topic, it means creating a page that looks exactly like the Facebook login page but at a different URL such as fakebook.com or faecbook.com, or any URL that pretends to be legitimate. When a user lands on such a page, he/she might think it is the real Facebook login page asking for his/her username and password. So, people who do not find the phishing page suspicious might enter their username & password. The password information will be sent to the Facebook hacker who created the phishing page. At the same time, the victim gets redirected to the original FB page.
Please note that phishing can be done by a third person through emails; that is how it happens most of the time. So always beware of phishing emails, else you may lose your Facebook account, credit card details, or other sensitive data. Learn more about phishing.
How could you protect yourself against online FB phishing?
Hackers can reach you in many ways: email, personal messages, FB messages, website ads etc. Clicking a link in these messages would lead you to a Facebook login page. Whenever you find an FB login page, you should check only one thing, which is the URL, because nobody can spoof/use the Facebook URL except when there is some XSS zero day vulnerability, but that’s very rare.
1. What is the URL you see in the browser address bar?
2. Is that really https://www.facebook.com/ (Trailing slash is very important, since it is the only separator in Google Chrome to distinguish domain and sub domain. Check out the below examples to know the difference)?
3. Is there a green color secure symbol (HTTPS) provided in the address bar?
Bearing these questions in mind should prevent you from getting hacked by online phishing pages. Also, see the below examples of phishing pages.
Some super perfect phishing pages are listed below.
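The three questions from the checklist earlier in this section, written as an added example (not code from the original post): it parses an address with the same URL rules a browser uses and accepts only HTTPS on facebook.com or a true subdomain of it. The function name and all sample URLs are constructed for illustration; fakebook.com and faecbook.com are the lookalikes named in the text.

```javascript
// Added example: answer the checklist questions for a given address.
// TRUSTED_DOMAIN and every sample URL below are constructed for illustration.
const TRUSTED_DOMAIN = "facebook.com";

function checkLoginUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG URL parser, the rules browsers follow
  } catch {
    return { trusted: false, reason: "not a complete URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not HTTPS" };
  }
  // Anything before "@" is login info for the site, not the site itself.
  if (url.username !== "" || url.password !== "") {
    return { trusted: false, reason: "text before @ hides the real host" };
  }
  // The parser has already lower-cased the host; drop a trailing root dot.
  const host = url.hostname.replace(/\.$/, "");
  // Accept the domain itself or a true subdomain (note the leading dot).
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { trusted: true, reason: "host is " + host };
  }
  if (host.includes("facebook")) {
    return { trusted: false, reason: "brand name inside another domain" };
  }
  return { trusted: false, reason: "host is " + host };
}

const samples = [
  "https://www.facebook.com/login.php",
  "https://m.facebook.com/",
  "http://www.facebook.com/",                 // no HTTPS
  "https://fakebook.com/",                    // lookalike named in the text
  "https://faecbook.com/login.php",           // lookalike named in the text
  "https://www.facebook.com.login.example/",  // real name used as a subdomain
  "https://notfacebook.com/",                 // ends with the name, no dot
  "https://www.facebook.com@login.example/",  // real name placed before @
  "www.facebook.com/login.php",               // no scheme at all
];

for (const s of samples) {
  const r = checkLoginUrl(s);
  console.log((r.trusted ? "OK    " : "REJECT") + " " + s + "  (" + r.reason + ")");
}
```

The host comparison uses a leading dot on purpose, so that notfacebook.com is not mistaken for a subdomain of facebook.com.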
4. Plain Password Grabbing
This is another common method used to steal a Facebook user’s password. Most people are unaware of this method, but traditional hackers use it to hack user accounts.
How does Plain Password Grabbing work?
In this method, the Facebook hacker/attacker targets a particularly low-quality website where the victim is a member and hacks its database to get the stored plain username & password of the victim.
How could the hacker/attacker get access to Facebook?
Many of us use the same password for FB and some poorxyz.com. So, it’s easy for a Facebook hacker to get your password through the low-quality poorxyz.com.
In another scenario, the Facebook hacker/attacker creates a website with the intention of getting the victim’s password. Whenever a user signs up or registers an account using an email address and creates a password, those details get stored in the database of the hacker/attacker. So, the hacker/attacker gets your email and password. Common people who use the same email and password for these kinds of low-quality websites might end up getting their Facebook account hacked.
8. Malicious Facebook Application Hack
All the apps you use in Facebook are owned by third parties and not by Facebook. Of course, there are a few exceptions like Instagram. A malicious application that requests your permission could do almost all kinds of stuff on your Facebook profile.
How does malicious Facebook application hack work?
Whenever you find the Login using Facebook option on any website, you should know that it is a third party Facebook application not owned by Facebook. When you click Login using Facebook, you will be shown a permission dialog box with the requested permission details. Once you click the okay button, the requested details can be accessed from FB, or the requested actions can be performed in your FB account on your behalf.
What could a third party application do in your Facebook account?
· Post photos and status updates
· Share links to your timeline or to any group you belong to
· Manage your page
· Post on your behalf on the Facebook pages you own
· Access your personal information
· Access your photos including “Only me” privacy photos; sometimes they can access your mobile photos using a Facebook vulnerability like the one I found (Don’t worry, it’s completely fixed now).
These are just examples of what could be done. What if the application you are using is malicious? It could spam your Facebook account with a bunch of worthless content.
6. Key Logger
A key logger is a software tool used to record the keystrokes of a computer or mobile device. It records everything you type on your keyboard and stores it for later use. Generally, key loggers are installed as application software in operating systems to track keystrokes, but there are hardware key loggers as well.
Hardware key loggers, also known as physical key loggers, are attached to a computer’s USB port and record everything before passing the keyboard data on to the computer. There are various mobile key loggers, which perform the same action on various operating systems.
How does key logging work?
All key loggers run in the background (except trial versions) and won’t be visible to users unless you know the key logger password and the shortcut used to view it. It will record all the keys pressed and give you a detailed report of when and what keys were used for what application. Simply put, a clean report to identify passwords.
Anyone who reads the key logger logs might be able to see the Facebook password or any other passwords typed, and sensitive information like credit cards, bank username, password etc. Whenever you log in on a public computer, there is a chance of getting your password hacked.
Hardware key loggers can be easily identified on your personal computer, but are hard to spot on public computers.
In another scenario, your friend/colleague/neighbor could ask you to log in using their computer as a favor. If their intention is to get your password, then you are most likely to get your FB account hacked.
Nowadays, many people are using mobile key loggers, which make it possible to track the keypad of a mobile. So, any sensitive information typed on a mobile could be hacked easily.
10. Browser Extension Facebook Hacker
This method doesn’t give the Facebook hacker/attacker complete access to your Facebook account, but it gives some power to control your account indirectly. I’ve seen multiple Google Chrome and Firefox add-ons that secretly perform actions, like following a person or liking a page on behalf of your Facebook profile.
How does browser extension Facebook hack work?
When you visit some malicious websites or web pages, you will be prompted to install a browser add-on. Once you install the add-on, it will perform all the tasks defined by the Facebook hacker or attacker who created it. Some primary actions are posting status updates on your wall, liking an FB page, following a person, adding you to some Facebook groups, inviting your friends to like a page or join a Facebook group etc. You may not know these things are happening in your FB account unless you check your Facebook activity log periodically.
How could you prevent browser extension Facebook hack?
You can monitor your activities using a Facebook feature called Activity Log.
You should not trust any third party website prompting you to add a browser extension. Install an add-on only if you trust the publisher. Why should you take the risk if you don’t know the publisher or the intention of the add-on? So always stay away from these malicious browser extensions.
9. Facebook Account Hacker Software
You might have seen or downloaded Facebook account hacker software, but none of it can truly hack a Facebook password. Hacking your own Facebook password is what it actually does.
How does Facebook account hacker software work?
People who try to hack a Facebook account usually download software that is available on various websites. The software will collect the victim’s password (the victim being the one who downloaded this software) as soon as it is opened or installed. Some software prompts you to enter your Facebook username and password and stores your password in its database of collected passwords. Some other software gains administrative privilege from you to install a background key logger to get your Facebook password.
How could you protect yourself from Facebook hacking software?
Don’t trust Facebook hacking software. There is no such true hacker software available on the Internet, as I have said earlier.
5. Malicious Mobile Application
There are a lot of mobile applications that secretly steal the Facebook access token from your mobile device. The Facebook mobile app functions through an API, where the access token stored in your mobile’s internal memory is used for authentication. It is more like your username and password. So, if someone steals your access token, then he/she is likely to have full access to your Facebook account.
How does malicious mobile application software work?
The Facebook Application Interface does not require a username or password every time to get user data. It just needs the secret access token to retrieve the user’s data. The Facebook mobile app stores the access token in the mobile’s memory. This app’s part of memory should be accessed only by the application itself. Mobile apps that have administrative privilege can access other apps’ data. For example, gaining admin privilege on a rooted Android phone could allow an application to steal your Facebook access token. A hacker can do a lot of malicious things if he/she gets your Facebook access token.
7. Browser Vulnerabilities
Browser vulnerabilities are security bugs that exist in older versions of mobile and desktop browsers.
How do browser vulnerabilities work in Facebook hacking?
Most browser vulnerabilities are exploited through an older version of the browser, since all the zero days are patched by the browser vendor once they are reported by researchers around the world. For example, a Browser Same Origin Policy vulnerability could allow a hacker/attacker to read the response of any page like Facebook and to perform any action on your Facebook account, since they are able to read the response by accessing the Facebook origin. The Android Chrome SOP bypass by Rafay Baloch is one such vulnerability that is affecting Android web-view in Android .
11. Social Engineering
This is the second most common technique of hacking Facebook accounts. In fact, this method shouldn’t come under hacking, since not much knowledge is required for it. I am listing this method under hacking to keep the list of most common techniques used for FB account hacking in their respective order. Social engineering is basically a process of gathering information about the person whose account is being targeted. The gathered information includes the date of birth, mobile number, boyfriend/girlfriend’s mobile number, nickname, mother’s name, native place etc.
· Nickname / Name and Date of Birth Conjunction
· Boy Friend’s Mobile Number / Girl Friend’s Mobile Number – Most of the lovers
· Girl Friend’s / Boy Friend’s Name – Most of the lovers
· Boy or Girl Friend Name Combination
· Bike Number
· Unused / Old Mobile Number
· Pet Name
· Closest Person Name (can be friends too)
Now, be honest and comment here if you are one of the people who have any one of the common passwords mentioned above. Don’t forget to change your password before making a comment.
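A check that a sign-up or change-password form could run against the habits listed in this section, as an added example (not code from the original post): it rejects a new password that contains the owner’s own names, numbers or date of birth. The function names, the profile fields and every value in sampleProfile are constructed for illustration.

```javascript
// Added example: reject a new password that is built from the owner's own
// personal details. Every value in sampleProfile is constructed.
function personalTokens(profile) {
  const tokens = new Set();
  const add = (s) => {
    const t = String(s).toLowerCase().replace(/[^a-z0-9]/g, "");
    if (t.length >= 4) tokens.add(t); // shorter fragments match by chance
  };
  // Names: own name, nickname, partner, pet, closest person (each word too)
  for (const name of profile.names) {
    add(name);
    name.split(/\s+/).forEach(add);
  }
  // Phone and vehicle numbers: the full value and its last 6 characters
  for (const num of profile.numbers) {
    add(num);
    add(String(num).replace(/[^a-z0-9]/gi, "").slice(-6));
  }
  // Date of birth (YYYY-MM-DD) in the forms people commonly type
  const [yyyy, mm, dd] = profile.dateOfBirth.split("-");
  [yyyy, dd + mm, mm + dd, dd + mm + yyyy, dd + mm + yyyy.slice(2), yyyy + mm + dd]
    .forEach(add);
  return tokens;
}

function checkPassword(password, profile) {
  // Separators and case are ignored, so "Ravi@1994" is treated as "ravi1994"
  const normalized = password.toLowerCase().replace(/[^a-z0-9]/g, "");
  const hits = [...personalTokens(profile)].filter((t) => normalized.includes(t));
  return { ok: hits.length === 0, hits: hits.sort() };
}

const sampleProfile = {
  names: ["Ravi Kumar", "ravik", "Priya", "Bruno"], // name, nickname, partner, pet
  numbers: ["+91 98765 43210", "TN 09 AB 1234"],    // mobile number, bike number
  dateOfBirth: "1994-08-15",
};

for (const pw of ["Ravi@1994", "Bruno_543210", "15-08-1994", "correct horse battery staple"]) {
  const r = checkPassword(pw, sampleProfile);
  console.log(pw + " -> " + (r.ok ? "accepted" : "rejected, contains: " + r.hits.join(", ")));
}
```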
12. Self XSS
Self XSS is also known as Self Cross Site Scripting. XSS is basically a web security vulnerability that enables hackers to inject scripts into web pages used by other users. What is self XSS then? Self XSS is a kind of social engineering attack in which a victim accidentally executes a script, thereby exposing his/her own account to the hacker.
How does Facebook self XSS scam work?
In this method, the hacker promises to help you hack somebody else’s FB account. Instead of giving you access to someone else’s account, the hacker tricks you into running malicious JavaScript in your browser console, which gives the hacker the ability to manipulate your account. Facebook hackers use this technique to add you to groups, add your friends to the group, post on your wall, tag your friends in comments etc.