Facebook accounts are
an often overlooked gateway into an individual’s personal life.
We,
as social networking users, have few reservations about posting our
photos, location, plans to travel, private outbursts, and information
regarding friends, family and work. We include names, phone numbers,
email addresses, GPS coordinates and the list goes on and on. But you
ask “What’s to worry? After all, I am only posting this information for
friends and family to see, right?”. The simple answer is no. Facebook hackers want your information.
The truth is that many of your friends’ and family’s accounts are being hacked every
day. By successfully compromising your Facebook account an attacker
has unlimited access to a wealth of information about you, your friends
and your family. In addition, if a hacker gets your Facebook password, I think it’s reasonable to assume that he could then take over your email accounts, bank accounts, and other private information as
well. The following 3 Methods of Facebook Hacking are something that
everyone should make themselves aware of. When you have learned the
attacker’s methods you can begin to protect the information that you so
freely give out on the internet.
1. Social Engineering:
Generally the first thing a hacker will do is to find a way directly to your inner circle. One way an attacker might start is by ”friending” some of your closest friends, family and coworkers on Facebook. Once enough mutual “friends” are built up, they will eventually work their way up to sending you a friend request. It may appear to come from a name that you know, or perhaps some curious account with a hot profile picture to grab your attention. Either way, you look at all the mutual friends list and you click “Confirm” on the friend request, allowing the attacker access to a gold mine of information.Once the attacker is on your “friends” list he can see all of your photos, friends and family that you talk to the most, your daily activities and more. In addition, he may be able to access your email address, phone number, the schools you went to, and where you currently work.
Generally the first thing a hacker will do is to find a way directly to your inner circle. One way an attacker might start is by ”friending” some of your closest friends, family and coworkers on Facebook. Once enough mutual “friends” are built up, they will eventually work their way up to sending you a friend request. It may appear to come from a name that you know, or perhaps some curious account with a hot profile picture to grab your attention. Either way, you look at all the mutual friends list and you click “Confirm” on the friend request, allowing the attacker access to a gold mine of information.Once the attacker is on your “friends” list he can see all of your photos, friends and family that you talk to the most, your daily activities and more. In addition, he may be able to access your email address, phone number, the schools you went to, and where you currently work.
Armed with this information the hacker can now move on to the next
level of attack, attempting to access your login details and other
private information.The lesson to be learned here is “Don’t accept
friends requests unless you’re darned sure you actually know the person
on the other end”. Either confirm the friend request by phone, by
sending a private Facebook message asking for some specific details, or
by only adding friends where you have initiated the friend request.
2. Brute Force:
Once the hacker has gained access to the names of your cats and dogs, children’s names, birthdays, etc he will begin the process to brute force your Facebook password. This means he will make repeated attempts to log in to your account using a list of words and variations taken from the information you post to your account. If the information gleaned from your profile, posts and photos does not yield a hit, he will move on using automated applications and dictionary files to attempt to crack the password. There are a bunch of tools that claim to do this automatically, one only has to perform a quick Google search to find a page full of options.
Once the hacker has gained access to the names of your cats and dogs, children’s names, birthdays, etc he will begin the process to brute force your Facebook password. This means he will make repeated attempts to log in to your account using a list of words and variations taken from the information you post to your account. If the information gleaned from your profile, posts and photos does not yield a hit, he will move on using automated applications and dictionary files to attempt to crack the password. There are a bunch of tools that claim to do this automatically, one only has to perform a quick Google search to find a page full of options.
A potential user of brute
force applications can find unlimited tutorials on sites like YouTube.
With the availability of tools like this, I suspect anyone with a
keyboard has the potential to get your password if you aren’t careful.
However, if you use long passwords, consisting of numbers, upper and
lower case letters plus a special character (e.g.- %,$,!,@), I think you
should be a bit safer from these brute force types of attacks.
3. Phishing:
According to Wikipedia, “Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.”In layman terms this means phishing is the act of a hacker creating a clone of a well known website login page, such as Facebook or your bank, with the hopes of tricking you into inputting your username and password on the page. Once you type your information into the login form, and click the submit button, your name and password are added to a database or sent to a fake email address controlled by the hacker.
According to Wikipedia, “Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.”In layman terms this means phishing is the act of a hacker creating a clone of a well known website login page, such as Facebook or your bank, with the hopes of tricking you into inputting your username and password on the page. Once you type your information into the login form, and click the submit button, your name and password are added to a database or sent to a fake email address controlled by the hacker.
A hacker can use any of several methods to grab your Facebook
information through phishing techniques. The easiest way is to create a
fake Facebook login page, put it on a free hosting service and then
send you an email or Facebook post with a link to the page. The problem
with this method is the fact that the domain name in the link and your
browser address bar should be a dead giveaway as shown in the image
above.
Another, more popular method is to use a technique called “tab nabbing“.
Tab nabbing is an exploit where an attacker sends you a link to a
regular looking web page such as a game or a video. When you switch to
another tab in your browser, the original page does a quick refresh to a
fake Facebook, bank or email login page. The tab-nabbing exploit takes
advantage of user trust and inattention to detail in regard to tabs.
Many internet users don’t bother to look at the URL of a tab they’ve
already been on. Here is a video example showing how a simple
tab-nabbing attack works.
When attempting to compromise the account of a more experienced
internet user, hackers may utilize a combination of tools for a more
sophisticated attack. Some of these tools include ettercap and the Social Engineer Toolkit’s Credential Harvester. With this type of attack the hacker can manipulate your DNSconfiguration,
the service that translates domain names to IP addresses. Once your
DNS has been changed all of your internet requests to www.facebook.com
will go to a server under the attacker’s control. This type of attack
is very difficult to identify because the actual domain name
Facebook.com will appear in your internet browser address bar.
6 Simple Steps To Keep Your Account Safe:
- When logging in to your Facebook account, always double check the URL in your browser’s address bar
- Use long, complicated passwords that utilize upper and lower case letters, numbers, and special characters
- Do not post personal information to your Facebook profile (e.g.- phone numbers, email address, etc)
- Review and adjust your privacy settings, in both your browser and your Facebook account, on a regular basis
- Only allow people on your “Friends” list that you have personally sent a friend request to, do not accept blind requests!
- If you do accept a friend request from someone, make certain that you have verified the person on the other end using some other means.
The internet brings convenience, business growth, and the opportunity
to share your thoughts and memories with friends and family. It also
allows an attacker unlimited access to your life and private
information. By following a few simple guidelines, you can keep
yourself a bit safer on social networking sites like Facebook.com.
Source: http://beforeitsnews.com/alternative/2013/01/3-ways-facebook-hackers-target-your-account-2540194.html