Although there have been several security incidents on Facebook over the years, many people continue to use this social network. Moreover, the number of new users is constantly growing, which allows Facebook to set new records. As of December 31, 2017, the monthly Facebook audience was 2.13 billion users, and the average daily audience was about 1.4 billion.
Part of our lives goes to Facebook. We share our birth dates and anniversaries, talk about our vacation plans and share our current location. We share our children’s birthdays and the dates of our parents’ deaths. We talk about the most pleasant events and our heaviest thoughts. In general, we disclose many aspects of our lives. There are even entire books written by clinical psychologists that describe in detail how powerful an influence Facebook has on our emotions and relationships.
However, we often forget that we are under surveillance.
We use Facebook as a means of communicating with friends, but there are people who use this social network for malicious purposes. We disclose information that others may use against us. Attackers know when we are not at home, and how long our absence will last. They know the answers to secret questions and, in fact, can steal our personal data using the information that we voluntarily indicate in the public profile.
The most unpleasant thing is that the more technological our lives become, the more vulnerable we become to attackers. Even if the information we share publicly is incomplete, knowledgeable people can, if they really need to, gain access to our email and Facebook account to fill in the gaps in our personal data.
In fact, you don’t even need to be a professional hacker to gain access to someone else’s Facebook account.
Accessing an account can be no more complicated than installing the Firesheep extension. Moreover, on Facebook you can access someone else’s account even without a password. You only need to choose three friends to whom a code will be sent. Next, you enter the three received codes and gain access to the account. It doesn’t get any easier.
In this article, I will show you several ways that hackers and ordinary people can access someone else’s Facebook account. After the description of each method, a way to protect your account against it is given.
How to Get Other People’s Passwords on Facebook
Method 1: Reset Password
The easiest way to access someone else’s Facebook account is to reset the password. This method is easier for people who are on the friends list of the person whose account is the target.
- The first step is to get the email used during authorization (for example, in the section with contacts in the profile). Hackers use utilities like TheHarvester. More information on this topic can be found in this guide.
- Click on the link “Forgotten account?” and enter the victim’s email. After the account appears, click on “This is my account”.
- You will be asked if you want to reset your password via email. Since we will be accessing by other methods, click on “No longer have access to these?”
- You will be asked “How can we reach you?” Enter the email address you have access to. This address should not be linked to any Facebook account.
- You will be asked to answer a question. If you know the victim well, you can probably answer this question. Otherwise, you can try to find the answer. If the correct answer is found, you can change the password. Next, you need to wait 24 hours to log into the victim’s account.
- If you could not find the answer to the question, click on Recover your account with help from friends. Next, you will need to select from 3 to 5 friends to whom the code will be sent so that you can regain access to your account.
- Passwords will be sent to the selected friends and must be entered on the next page. You can either create from 3 to 5 fake accounts and add them to the victim’s friends, or select friends who agree to share the password sent to them.
How to protect yourself
- When registering with Facebook, use a separate, otherwise unused email address.
- The secret question should be one whose answer cannot be found from the information in your public profile. No pet names or anniversaries. Even the names of primary school teachers should not be used, as this information can be found in the alumni album.
- Choose three reliable friends to whom the password will be sent. This protects you from the password being sent to random acquaintances who intend to gain access to your account.
Method 2: Using Keylogger
A software keylogger is an application that records all keystrokes on the keyboard without the knowledge of the user. This application must first be manually downloaded to the victim’s computer. Then the keylogger starts working in the background and intercepts all keystrokes. It can be configured so that all the collected information is sent by e-mail.
To get started, you can read the manual for installing a keylogger on a target computer. If this method does not suit you, you can search for free keyloggers or try to write your own in C++.
Hardware keyloggers work just like software spies, except that you need to connect a USB flash drive with software to the victim’s computer, where all captured keystrokes will be saved. Subsequently, you only need to insert the USB flash drive into your computer and extract the collected information.
There are several varieties of hardware keyloggers. Models like Keyllama must be connected to the victim’s computer and can run on any operating system. You must have physical access to the device in order to receive the collected information. Alternative: Wi-Fi keyboard spy. Collected information can be sent by e-mail or downloaded via Wi-Fi.
How to protect yourself
- Use a firewall that monitors network activity and can track suspicious operations, since keyloggers usually send the collected information via the Internet.
- Install a password manager. Password managers automatically fill out all important forms without using the keyboard, and keyloggers can only intercept keystrokes.
- Install updates on time. As soon as the vendor finds out about vulnerabilities in the application, work on patches begins. Older software versions may leave additional holes in your system.
- Change passwords. If you still don’t feel secure, you can change your passwords once every two weeks. At first glance, this approach seems too radical, but on the other hand, passwords stolen by attackers will lose relevance too quickly.
Method 3: Phishing
Although implementing this scenario is much more difficult than the previous two, phishing remains one of the most popular ways to gain access to someone else’s account. The most popular type of phishing involves creating a fake login page. The link to this page is usually sent to the victim’s email, and the page looks no different from the real login form. One of the difficulties is that you need to create an account with a web hosting provider and, in fact, build the fake page itself.
The easiest way to create such a page is to read the website cloning guide. Then it will be necessary to refine the form so that the information entered by the victim is stored somewhere. The implementation of this method is complicated by the fact that, on the one hand, users have become very careful, on the other hand, phishing filters in email services are constantly improving. However, nothing is impossible, especially if you clone Facebook completely.
How to protect yourself
- Do not click on suspicious links in emails. If the letter suggests authorization via the link, be careful. Check the URL first. If you still have doubts, log in directly to the Facebook website.
- Phishing is not necessarily done via email. Links can be distributed through websites, chats, text messages and so on. Even pop-up advertisements can be harmful. Never click links that look suspicious, and especially those that ask you to enter any confidential information.
- Use antivirus programs and applications that protect against web threats (Norton, McAfee, etc.).
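The “check the URL first” advice above can be made concrete. The following is an added example, not part of the original article: a small checker that explains why a login link fails inspection. The function name, the trusted-domain list and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain accepted as the real login site.
TRUSTED_DOMAINS = ("facebook.com",)

def check_login_url(url):
    """Return the reasons a login link should not be trusted (empty list = passes)."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return ["URL cannot be parsed"]
    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    if has_userinfo:
        # In https://a@b/ the host is b; everything before '@' is decoration.
        problems.append("text before '@' is not the host")
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        problems.append("internationalised host, possible look-alike letters")
    # Exact match or a true subdomain; 'facebook.com.something.example' must fail.
    if not any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        problems.append("host is not a trusted domain: " + repr(host))
    return problems

# Constructed sample links (reserved example domains, not real campaigns).
SAMPLES = [
    "https://www.facebook.com/login/",
    "http://www.facebook.com/login/",
    "https://facebook.com.account-check.example/login",
    "https://www.facebook.com@login.example/",
    "https://faceb\u043eok.com/login",  # Cyrillic 'o' in place of Latin 'o'
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_login_url(link) or "ok")
```

The check only looks at the link itself; a page that passes it can still be reached over a hostile network, which is what the next method covers.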
Method 4: Man in the Middle Attack
If you are close to the target, you can provoke the victim to connect to a fake Wi-Fi network to steal accounts. Utilities like Wi-Fi Pumpkin allow you to create fake Wi-Fi networks based on a wireless network adapter and Raspberry Pi. After you’ve got close to the target with the configured equipment and the victim is connected to a fake network, you can analyze the traffic or redirect to a fake login page. You can even replace individual pages without touching the rest.
How to protect yourself
- Never connect to open (and unencrypted) Wi-Fi networks.
- Be especially wary of networks outside public places. For example, a network called Google Starbucks should be suspicious if there are no Starbucks establishments within a few miles. If hackers have already collected some data about you, your computer or phone will connect to the fake network automatically, because a network with this name has been used before.
- If you are having trouble connecting to a Wi-Fi network, look at the list of neighboring networks for any copies of your network names.
- If the router asks you to enter a password in order to turn on the Internet to update the firmware or shows you a page with a lot of grammatical errors, it is very likely that you are connected to a fake hotspot and someone is trying to steal your account.
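The advice to look for copies of your network names can be automated over a list of scan results. This is an added example, not part of the original article; the function name, the tuple layout and the scan data are constructed for illustration and do not come from any particular Wi-Fi tool.

```python
from collections import defaultdict

def find_suspect_networks(scan, saved):
    """scan:  list of (ssid, bssid, security) tuples from a Wi-Fi scan.
    saved: {ssid: security the network had when you joined it}.
    Returns {ssid: [reasons]} for saved names that look copied."""
    seen = defaultdict(set)
    for ssid, bssid, security in scan:
        seen[ssid].add((bssid.lower(), security))
    findings = {}
    for ssid, expected in saved.items():
        securities = {sec for _, sec in seen.get(ssid, set())}
        reasons = []
        # Several access points with one name AND one security setting are
        # normal (mesh systems, offices), so only a mismatch is reported.
        if len(securities) > 1:
            reasons.append("same name advertised with different security: "
                           + ", ".join(sorted(securities)))
        if "open" in securities and expected != "open":
            reasons.append("open copy of a network saved as " + expected)
        if reasons:
            findings[ssid] = reasons
    return findings

# Constructed scan results and saved-network list.
SCAN = [
    ("HomeNet",    "aa:bb:cc:00:00:01", "wpa2"),
    ("HomeNet",    "AA:BB:CC:00:00:02", "wpa2"),   # second mesh node, fine
    ("CoffeeShop", "de:ad:be:ef:00:01", "wpa2"),
    ("CoffeeShop", "02:00:00:12:34:56", "open"),   # unencrypted copy
    ("Neighbour",  "11:22:33:44:55:66", "wpa2"),   # not a saved network
]
SAVED = {"HomeNet": "wpa2", "CoffeeShop": "wpa2"}

if __name__ == "__main__":
    for name, why in find_suspect_networks(SCAN, SAVED).items():
        print(name, why)
```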
More advanced users can read two more guides: Same Origin Policy Facebook hack and Facebook Password Extractor (the second method is a bit simpler).
How to protect yourself
- In the Account Settings in the Security-related section, select the check box next to the Secure Browsing option. Firesheep will not be able to intercept cookies if you work through a secure protocol (for example, HTTPS).
- Keep SSL permanently enabled. Use the HTTPS-Everywhere and Force-TLS extensions for Firefox.
- When you finish working with the site, log out to end the session. Firesheep cannot keep a session alive once you are logged out.
- Use only reliable Wi-Fi networks. A hacker can sit near you at Starbucks Cafe and scan your mail without your knowledge.
- Use a VPN. Since in this case all your traffic will be encrypted, even if an attacker intercepts information using fake Wi-Fi, they will not be able to extract anything useful.
Social networks allow you to keep in touch with old friends and meet new people. You can create events in a few clicks, send greeting cards, and declare your love to your parents and your significant other.
Even taking into account the ways of hacking your account that we have examined, it’s quite possible to use social networks and remain protected. You only have to take certain measures and think a few times before you publish something on your profile. The less information you publish, the more difficult it is for hackers to access your account.
If your Facebook account is suddenly hacked, this guide describes the steps to restore access to your account.