Saturday, October 28, 2017

10 Ways Hackers can Hack a Facebook Account

By egg nog

10 Ways Hackers can Hack a Facebook Account


Mark zuckerberg wrote a program named "Facemash" as a second year student in Harvard University which led to the development of Facebook - a popular social media site that allows their users to make profiles, transfer photographs and video, send messages and stay in contact with companions, family and associates. By the second quarter of 2017, Facebook had 2 billion monthly active users. which makes Facebook to be a preferred target of hackers. In this post i will list you the Top 10 ways hackers can hack your Facebook account.
Also read How to protect your Facebook account from getting hacked
Also read 10 Amazing Websites that you should make use of in 2017


1. Phishing

Phishing is an attempt made by an hacker to steal your username and password by sending you a phishing link. Once you click on the link you will be redirected to a Fake Facebook login page which looks exactly like the genuine one. But if you unknowingly entered your login credentials in this fake login page then the username and password will be stored in the log file of the hacker and can be used to take control of your FB account. In 2016 the total number of unique phishing reports received is 1380432.

Phishing types

  • spear phishing.
  • clone fishing.
  • whaling.


2. Reset password

In this technique the hacker enters your username or mail id and clicks on Forgotten your password? and selects the account.It will ask if you would like to reset the password via the victim's emails. This doesn't help, so the hacker will click on No longer have access to these?
It will now ask How can we reach you? the hacker will type in an email that he has already created and is not linked with any other FB account.
➤Now the hacker will be left with a security question to reset the password. The hacker will make an educated guess. If he figures it out, he can change the password. Security questions are generated automatically if not set and some be like "In which city where you born?" So it won't be hard for the hacker. Now the hacker has to wait 24 hours to login to their account and the reset password link will be sent over to the new e-mail. 
If the account holder logins within this 24 hours this techniques fails and also won't be successful for secured accounts.

3. Keylogger

Keylogging is one of the techniques used by hackers. In which the hacker installs a small piece of software called keylogger on the victims machine. Which runs on the background and records every keystroke which is typed on the keyboard and also with various others features. Hardware keylogger is also used in which the software is installed in an USB and is connected to the victim PC to record the keystrokes.


4. Saved Passwords from Browsers

The browser asks us to save passwords whenever you login to a website. When you allow your browser to remember your login credentials. All usernames and passwords which are saved can be viewed with an single click. Always try avoiding to save passwords in browsers. You could rather use a password manager like LastPass to save your passwords.

5. Man In The Middle Attack (MITM)

A man in the middle (MITM) attack is done when a hacker positions himself in between a user (client) and the network application (server) either to eavesdrop or to harvest confidential information from the users. MITM has two phases: interception and decryption. To avoid these types of attacks use a VPN service and avoid using Public Wifi networks.


6. Viewing Masked Passwords

ShowPassword is an extension that helps you to view the masked password from the login page. The masked passwords can also be viewed by right clicking on the masked password and click on inspect element and change the input type from PASSWORD to TEXT.

7. Session Hijacking

If you are using an HTTP connection an not HTTPS. This makes it easy for the hacker to intercept in the network and sniff out the session cookie from your browser and use them to authenticate on the website. This technique is implemente on LAN and Wifi users.


8. DNS Spoofing

When the Hacker and the victim are using the same network. The hacker can implement a DNS Spoofing attack to redirect the user from using the genuine Facebook page to his own fake login page and thus taking over the Facebook account easily.

PREVENTIONS

  • Managing DNS servers securely.
  • Avoid using a shared network.
  • Configure it to be secured against cache poisoning.


9. Sidejacking - Firesheep

Sidejacking is the way towards taking somebody's entrance to a site, commonly done on remote open systems. To sidejack access to a site, the hacker performing utilizes a bundle sniffer to acquire a decoded cookie that awards access to a site. Firesheep is an extension for the Firefox browser that uses a sniffer to catch decoded session from sites like Facebook and Twitter. This module spies on Wi-Fi correspondences, tuning in for session cookie. When it identifies a session cookie, the device utilizes this to get the info of that session. The gathered info are shown in a side bar in Firefox. By tapping on the name, the session is controlled by the hacker.

10. Logout

Most common mistake many users do is not logging after using Facebook. This will leave your account open and whoever gets access to that device can get full access to your account and can impersonate you.



I hope you will find this post to be useful, I would be very grateful if you’d help it spread by sharing it to a friend or on Facebook. Thank you!

0 comments:

Post a Comment