Do a search engine query on Facebook hacks. I would bet big bucks that the first result to appear involves phishing. It really is the most popular way to hack a Facebook account today.
Phishing: A FB hacker’s preferred tool
So here we explain exactly what phishing is, how hackers use it to take over your account and what you can do to protect your Facebook account from it.
According to hackers, phishing is the best technique because it’s very simple to use. The approach steals usernames and passwords from the victims’ Facebook accounts without them even realizing it. How is it done? Well, a hacker will simply create a fake HTML page that perfectly impersonates the way the actual Facebook login page looks.
Here’s the step by step guide to doing it.
1. Go to the Facebook home page.
2. Right click on the page and select “View Page Source.”
3. When the new page appears, copy the code.
4. Paste the code into a notepad.
5. Save the file using a .htm extension.
That’s it. The next step is simply creating catchy ads. These ads go along the lines of “Get a free iPad for every 100 shares” or “Earn money with so and so” or even the scandalous “Watch (celebrity) dance naked while drunk.” These ads lead to the fake Facebook login page.
Now let’s talk about how the actual hacking process takes place. The fake Facebook login page has already been created. The ads will be sent to various people or placed on targeted websites. Anyone clicking on them will be redirected to the phony Facebook page. The victim will be asked to enter his username and password on the clone site. Once he enters his information, it is extracted and stored in a database. The hacker will just need to access the files on the database to get the login details. From there, it’s a simple matter of logging in with the stolen credentials and he can do whatever he pleases with the hacked Facebook account.
Identifying the fake pages
How, then, can you tell a phishing page from the real Facebook page?
The answer is simple. Check the URL.
The original Facebook URL is http://www.facebook.com. A domain name cannot be registered by anyone else while someone already holds it. That means as long as the domain in the address bar is exactly the one above, it’s the legitimate site.
A phishing page will look exactly like the original, but its URL will be different. It can never be served from http://www.facebook.com because that domain is already in use. Instead, sites like BluePortal could have a variation of it, or in most cases, the word Facebook won’t appear in the URL at all.
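The URL check described above can be done mechanically by comparing the parsed hostname, rather than the text as it appears, against facebook.com. This is an added example, not code from the original article; the function name `checkLoginUrl` and every sample URL are constructed for illustration.

```javascript
// Added example: every URL below is constructed; .example hosts are reserved names.
const TRUSTED_DOMAIN = "facebook.com"; // the domain named in the article

function checkLoginUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parser, the same rules browsers apply
  } catch {
    return { trusted: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { trusted: false, reason: "not a web URL" };
  }
  // hostname is lowercased, punycode-encoded, and excludes userinfo and port.
  const host = url.hostname.replace(/\.$/, "");
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { trusted: true, reason: "host " + host + " is on " + TRUSTED_DOMAIN };
  }
  // Explain why a URL that looks right is still not the real site.
  let reason = "host " + host + " is not on " + TRUSTED_DOMAIN;
  if (url.username || url.password) {
    reason = "text before '@' is userinfo; the real host is " + host;
  } else if (host.includes("xn--")) {
    reason = "internationalized host, not " + TRUSTED_DOMAIN + ": " + host;
  } else if (host.includes("facebook")) {
    reason = "brand name used inside an unrelated host: " + host;
  }
  return { trusted: false, reason };
}

const SAMPLES = [
  "http://www.facebook.com/login.php",
  "https://m.facebook.com/",
  "http://www.facebook.com.login-check.example/",
  "http://www.facebook.com@login-check.example/",
  "http://notfacebook.com/",
  "http://f\u0430cebook.com/", // second letter is Cyrillic, not Latin
];
for (const u of SAMPLES) {
  const r = checkLoginUrl(u);
  console.log((r.trusted ? "FACEBOOK      " : "NOT FACEBOOK  ") + u + "  ->  " + r.reason);
}
```

Only the first two samples pass; the rest contain the familiar name somewhere in the string but resolve to a different host.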
Now that you know what phishing is and how it is done, take a look at how you can protect your account from such attacks.
Always verify that the site you’re on is legitimate.
Phishers will redirect you to malicious websites that look exactly like the real deal. Always look at the URL to see if you are on the real Facebook domain.
Check unfamiliar links provided by other Facebook users.
Your friends’ accounts may have been hacked without you or them knowing. If anyone on your friends list shares a link with you, take the necessary steps to verify that it isn’t malware before opening the link. A simple method to identify if the site is legit is to place your cursor over the link. In most cases, a floating window will appear. It will display the true web address of the link.
Do not recycle passwords.
As much as possible, use different login information on your accounts. This way, even if your Facebook account is hacked, you don’t give hackers ammunition to hack into your other accounts as well.
Use a browser that tracks phishing websites.
Some browsers will warn you if you are accessing a site that has been flagged as having malicious content. Internet Explorer 8 and Firefox 3.0.10 are some examples.
Receive phishing updates from the Facebook Security Page.
Allowing this lets Facebook alert you to any new phishing hacks you need to watch out for.
Finally, since most malicious content is designed to go viral, do your friends a service and let them know whenever you run across any phishing attempts. This lets them take steps to protect their own accounts as well.