HOW HACKERS HACK FACEBOOK ACCOUNT IN MINUTES AND ITS PREVENTION
By Laxman Muthiyah - Last Modified : July 30, 2017

How to hack a Facebook account online?
Hacking Facebook / Facebook Hacker is one of the most searched and hottest
topics around the Internet, like Gmail hacker. I have prepared a detailed list of
how hackers could hack someone’s Facebook account easily in a few minutes
and how we could prevent the same. For your information, this is a 4000+ word
article with a lot of useful information, so it is not possible for most of you
to read the complete article right now. Keep this URL, ZeroHacks.com/FB, in
mind to reach this page when you get time to read the entire article.

If you are here to find a way to recover a hacked Facebook account, then
our Facebook recovery article may help you!

Being a FB whitehat hacker, I get these questions frequently from people:

Is there any online Facebook cracker tool?
Where can I get FB hacking software?
Is there any free Facebook password finder?
How can I hack someone’s Facebook account easily?

To the best of my knowledge there is no such tool. You won’t find it anywhere,
and yes, if you google it, you will find many websites claiming to provide a
free hack tool, either online or offline, but you cannot download the
password file without completing a survey. Even after completing a survey you
get nothing in the end. These things are posted only with the intention of making
money. Don’t waste your precious time searching for such a hack tool.

If you want to know how hackers could hack someone’s Facebook account,
please go ahead and read the techniques listed below. The most successful
method among all of these techniques is PHISHING, which enables anyone
with little or no technical knowledge to hack a Facebook account’s password
easily in a few minutes.

Check out this phishing guide to know more about PHISHING!

Some of the techniques listed below are applicable not only to FB but to all
websites in daily use, like Google, Twitter, Yahoo etc.

You won’t be vulnerable to hacking if you understand how hacking works

This article is made for educating people about how hacking works and how
they should prevent it. Please don’t use these techniques for malicious
purposes.

12 ways to hack someone’s FB account | Prevention and Safety Measures – 2017
1. Phishing
2. Social Engineering
3. Plain Password Grabbing
4. Key Logger
5. Browser Extension Facebook Hacker
6. Malicious Facebook Application Hack
7. Facebook Account Hacker Software
8. Malicious Mobile Application
9. Browser Vulnerabilities
10. Self XSS
11. Trojan Horses
12. Facebook Zero Day

1 Phishing
Phishing is the most common technique used for hacking FB passwords. It is
easy for anyone with a little technical knowledge to get a phishing page
made, and that is why phishing is so popular. Many people become victims of
phishing pages because of their trustworthy layout and appearance.

How phishing works?


In simple words, phishing is the process of creating a duplicate copy of a reputed
website’s page with the intention of stealing users’ passwords or other sensitive
information like credit card details. In our topic, it means creating a page which
looks exactly like the Facebook login page but sits at a different URL like
fakebook.com or faecbook.com or any URL which pretends to be legit. When a user
lands on such a page, he/she might think it is the real Facebook login page asking
for their username and password. So people who do not find the phishing
page suspicious might enter their username & password. The password
information will be sent to the Facebook hacker who created the phishing page,
and at the same time the victim gets redirected to the original FB page.

Example: John is a programmer. He creates a FB login page with some scripts
that enable him to get the username and password information. John puts this
fake login page at https://www.facebouk.com/make-money-online-tricks. Peter
is a friend of John. John sends a message to Peter: “Hey Peter, I found a free
trick to make money online easily, you should definitely take a look at this
https://www.facebouk.com/make-money-online-tricks-free”. Peter navigates to
the link and sees a Facebook login page. As usual, Peter enters his FB username
and password. Now Peter’s username and password are sent to John,
and Peter gets redirected to a money making tips
page, https://www.facebouk.com/make-money-online-tricks-tips-free.html.
That’s all; Peter’s Facebook account is hacked. Kindly note that phishing can be
done by a third person through emails, and that is how it happens most of the
time. Always beware of phishing emails, otherwise you may lose your Facebook
account, credit card details or any other sensitive data. Learn more about
phishing.

How could you protect yourself from online FB phishing?
Hackers can reach you in many ways like email, personal messages,
FB messages, website ads etc. Clicking any link in these messages would
lead you to a Facebook login page. Whenever you find a FB login page, you
should note only one thing, the URL, because nobody can spoof /
use the Facebook URL except when there are some XSS zero day vulnerabilities,
but that’s very rare.

1. What is the URL you see in the browser address bar?
2. Is that really https://www.facebook.com/ (the trailing slash is important since
it is the only separator in Google Chrome to distinguish domain and
sub-domain; check out the examples below to know the difference)?
3. Is there a green secure symbol (HTTPS) in the address bar?

Keeping these questions in mind should prevent you from getting hacked by
online phishing pages. Also see the examples of phishing pages below.

Some super perfect phishing pages are listed below.

Facebook Phishing Page – Note the misleading URL


Most people won’t suspect this page (snapshot given above) since there
is an https prefix with a green secure icon and no mistake in
www.facebook.com. But this is a phishing page. How? Look at the URL carefully. It
is https://www.facebook.com.infoknown.com, so www.facebook.com is a
sub-domain of infoknown.com. Google Chrome does not differentiate the
sub-domain and the domain, unlike Firefox.

SSL certificates (HTTPS) can be obtained from many online vendors; a few
vendors give an SSL certificate free for 1 year. It’s not a big deal for a novice to
create a perfect phishing page like this. So beware of it.
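
The three address-bar questions above, written as a check a mail filter or link scanner could apply. This is an added example, not code from the article or from Facebook; the function names and reason strings are made up here, and the sample URLs are the ones quoted in this section.

```python
from urllib.parse import urlsplit

TRUSTED = "facebook.com"        # the only domain the article says to accept
BRAND = TRUSTED.split(".")[0]   # "facebook"


def edit_distance(a, b):
    """Levenshtein distance, used only to explain near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_login_url(url):
    """Return (trusted, reason) for a URL that shows a Facebook login form."""
    parts = urlsplit(url.strip())
    # .hostname is lower-cased and excludes the port and any user@ prefix.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no-host"
    labels = host.split(".")

    # Trust decision: the exact domain or a true sub-domain of it, over HTTPS.
    if host == TRUSTED or host.endswith("." + TRUSTED):
        if parts.scheme != "https":
            return False, "not-https"
        return True, "trusted"

    # Everything below is untrusted; the reason only explains the trick used.
    if ("." + TRUSTED + ".") in ("." + host):
        # Naive owner guess (last two labels); a real tool would consult
        # the Public Suffix List to find the registrable domain.
        return False, "brand-as-subdomain-of:" + ".".join(labels[-2:])
    for label in labels:
        if edit_distance(label, BRAND) <= 2:
            return False, "look-alike:" + label
    return False, "unrelated"


if __name__ == "__main__":
    for sample in ("https://www.facebook.com/",
                   "https://www.facebook.com.infoknown.com",
                   "https://www.facebouk.com/make-money-online-tricks",
                   "https://faecbook.com",
                   "http://www.facebook.com/"):
        print(sample, "->", classify_login_url(sample))
```

The trust decision depends only on the exact suffix match and the scheme; the edit-distance step just labels why a rejected host looked convincing.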

Facebook Phishing Page – Note the misleading URL.

This is a normal FB phishing page with some modification in the word Facebook.

Share or Tweet this article with a hashtag #ZeroHacksQuery along with your
doubts or queries regarding Facebook hacking or prevention techniques. I will
personally answer them for you!

2 Social Engineering
This is the second most common technique for hacking Facebook
accounts. Actually this method shouldn’t come under hacking, since not
much knowledge is required for it. I am listing this method under
hacking to keep the list of most common techniques used for FB account
hacking in their respective order. Social engineering is basically the process of
gathering information about someone whose account you need to hack:
information like date of birth, their mobile number, their boyfriend’s / girlfriend’s
mobile number, nickname, mother’s name, native place etc.

How Social Engineering works?

Security Question

Many websites have a common password reset option called Security Question.
The most common security questions are “What is your nickname?”, “What is
your 10th grade score?”, “What is your native place?” or any custom question
defined by the user. Obtaining this information from the respective people might
let us hack into their account. Facebook too provides a security question as a
password recovery option. So if anyone gets to know the answer to it, they could
hack the account using the forgot password option.

Most Common and Weak Passwords

A security question does not let you get into others’ FB accounts easily. But
setting a weak password could easily allow any of your friends to hack into your
account. What is a weak password in this scenario? A password which can be
easily guessed by a third person is called a weak password. Below are some of
the most common passwords people tend to use on Facebook.

Mobile Number
Nickname / Name and Date of Birth Conjunction
Boy Friend’s Mobile Number / Girl Friend’s Mobile Number – Most of the lovers
Boy Friend’s / Girl Friend’s Name – Most of the lovers
Boy Friend and Girl Friend Name Combination
Bike Number
Unused / Old Mobile Number
Pet Name
Closest Person Name (can be friends too)

Now be honest and comment here if you are one of the people who have any
one of the common passwords mentioned above. Don’t forget to change your
password before making a comment.

How could you protect yourself from Social Engineering?

Security Question

Don’t have a weak or familiar security question/answer. It should be known only
to you. You can set your Facebook security question here. Additionally, FB
provides an option called “Login Alerts” under Facebook Security Settings; you
should add your mobile or email there to get notified whenever your Facebook
account is logged in to from a new or unknown device.

Most Common and Weak Passwords

Very simple. Change your Facebook password now if you have any one of the
weak passwords stated above.
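
A signup-time or password-change check for the weak patterns listed above: it rejects a password that contains the user's own name, nickname, phone number, vehicle number, pet name or date of birth. This is an added example, not code from the article or from Facebook; the function names, field names and every profile value are constructed for illustration.

```python
import re
from datetime import date

MIN_TOKEN = 4  # shorter fragments ("ka", "01") would match by accident


def norm(text):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def tokens_for(value):
    """Strings derived from one profile value that a password must not contain."""
    if isinstance(value, date):
        dd, mm, yyyy = f"{value.day:02d}", f"{value.month:02d}", f"{value.year:04d}"
        yy = yyyy[2:]
        return {dd + mm + yyyy, mm + dd + yyyy, yyyy + mm + dd,
                dd + mm + yy, mm + dd + yy, yyyy}
    found = {norm(value)}                          # whole value, e.g. "ka01ab1234"
    found.update(norm(w) for w in value.split())   # each word, e.g. "peter"
    digits = re.sub(r"\D", "", value)
    if len(digits) >= 7:                           # long enough to be a phone number
        found.add(digits[-10:])                    # number without country code
    return {t for t in found if len(t) >= MIN_TOKEN}


def personal_info_hits(password, profile):
    """Return the sorted profile fields whose data appears inside the password."""
    candidate = norm(password)
    return sorted(field for field, value in profile.items()
                  if any(tok in candidate for tok in tokens_for(value)))


# Constructed sample profile; every value is made up for this example.
SAMPLE_PROFILE = {
    "name": "Peter Example",
    "nickname": "Pete",
    "partner name": "Maria",
    "pet name": "Bruno",
    "mobile number": "+1 555 010 0199",
    "bike number": "KA 01 AB 1234",
    "date of birth": date(1994, 3, 7),
}

if __name__ == "__main__":
    for pw in ("pete07031994", "5550100199", "Maria&Peter",
               "correct-horse-battery-staple"):
        print(pw, "->", personal_info_hits(pw, SAMPLE_PROFILE) or "no personal data found")
```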

3 Plain Password Grabbing


This is another common method used to steal Facebook users’ passwords. Most
people are unaware of this method, but traditional hackers use it
to hack user accounts.

How Plain Password Grabbing works?


In this method, the Facebook hacker / attacker targets a particular low quality
website where the victim is a member and hacks its database to get the stored
plain username & password of the victim. How could the hacker / attacker get
access to Facebook from there? Many of us use the same password for FB and for
some poorxyz.com, so it’s easy for a Facebook hacker to get your password through
the low quality poorxyz.com.

In another scenario, the Facebook hacker / attacker creates a website with the
intention of getting victims’ passwords. Whenever a user signs up or registers an
account using an email and creates a password, those details get stored in
their db. So they get your email and password. Common people who use the same
email and password for these kinds of low quality websites might end up getting
their Facebook account hacked.

How could you protect yourself from Facebook Plain Password Grabbing?
You should never trust third party low quality websites; even the passwords of
popular websites like LinkedIn are getting hacked. So never ever trust third party
low quality websites. Most website developers store plain
passwords in the database without even thinking about encryption or security. This
makes the Facebook hacker’s job easy since the password is stored as plain text.
The best way to prevent this method is to have a unique password, at least for
the websites that you really trust. Don’t use your FB password for any other
website/portal, and then your password will never get exposed.
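
The site-side half of this problem, as an added example (not code from the article or from any real site): the plain-text storage described above next to salted scrypt storage, with a function that shows what a stolen copy of each table gives away. The table layout, function names, accounts and the scrypt cost parameters are assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters (an assumption for this sketch; tune for your hardware).
SCRYPT = {"n": 2**14, "r": 8, "p": 1, "dklen": 32}


def register_plain(db, email, password):
    """What the article describes: the password itself goes into the table."""
    db[email] = {"password": password}


def register_hashed(db, email, password):
    """Store a per-user random salt and a slow, salted hash instead."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)
    db[email] = {"salt": salt, "scrypt": digest}


def login_hashed(db, email, attempt):
    """Re-derive the hash from the attempt and compare in constant time."""
    row = db.get(email)
    if row is None:
        return False
    derived = hashlib.scrypt(attempt.encode("utf-8"), salt=row["salt"], **SCRYPT)
    return hmac.compare_digest(derived, row["scrypt"])


def passwords_readable_in_dump(db):
    """Simulate a stolen copy of the table: which passwords can be read off it?"""
    return {email: row["password"] for email, row in db.items()
            if "password" in row}


def demo():
    # Constructed accounts; the shared password stands for one reused on Facebook.
    plain_db, hashed_db = {}, {}
    for email in ("peter@example.com", "john@example.com"):
        register_plain(plain_db, email, "Tr0ub4dor&3")
        register_hashed(hashed_db, email, "Tr0ub4dor&3")
    return plain_db, hashed_db


if __name__ == "__main__":
    plain_db, hashed_db = demo()
    print("plain table leaks :", passwords_readable_in_dump(plain_db))
    print("hashed table leaks:", passwords_readable_in_dump(hashed_db))
    print("login still works :", login_hashed(hashed_db, "peter@example.com", "Tr0ub4dor&3"))
```

Hashing only slows down guessing after a breach, so a guessable password can still be recovered from the hashed table; a unique password per site remains the user-side fix.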

4 Key Logger
Key logger is a software tool used to record the keystrokes of a computer or mobile
device. It records everything you type using your keyboard and stores
it for use. Generally, key loggers are installed as application software in
operating systems to track key strokes, but there are hardware keyloggers as
well. Hardware keyloggers, also known as physical keyloggers, are attached to a
computer’s USB port and record everything before sending the keyboard data to
the computer. There are various mobile key loggers which do the same on
various operating systems.

How Key Logging works?
All keyloggers run in the background (except trial versions) and won’t be viewable
to users unless you know the keylogger password and the shortcut used to view it.
It will record all the keys pressed and give you a detailed report of when and what
keys were used for what application – simply a clean report to identify passwords.
Anyone who reads the keylogger logs might be able to see the Facebook
password or any passwords typed, and sensitive information like credit cards,
bank username and password etc. Whenever you log in on a public computer, there
are chances of getting your password hacked.

Hardware key loggers can be easily identified in the case of your personal
computer, but that is hard in the case of public computers.

In another scenario, your friend/colleague/neighbor could ask you to log in using
their computer as a help. If their intention is to get your password, then you are
most likely to get your FB account hacked.

Nowadays many people are using mobile key loggers, which make it possible to
track the keypad of a mobile. So any sensitive information typed on a mobile could
be hacked easily.

How could you protect yourself from Key Logging?


You need not be afraid of key loggers when you use your personal computer
since you are the only one who is going to access it. But whenever you use any
public computer or any of your friend’s computer, you should not trust it.

I always suggest that my friends use the On Screen Keyboard whenever they
need to type a password. Also please make sure nobody is watching your screen
while you type your password, since your screen would expose what you have
typed. In Windows, there is an inbuilt tool called On Screen Keyboard that helps us
select keys using the mouse. You can open OSK using the Run dialog box: WinKey
+ R opens the Run dialog box; type osk and then press enter. Nowadays many
banking portals provide a screen keyboard in the browser itself. So please make use
of it whenever you are surfing on public computers. The on screen keyboard helps
even when hardware key loggers are installed.

5 Browser Extension Facebook Hacker

This method doesn’t give the Facebook hacker / attacker complete access to
your Facebook account, but gives some power to control your account indirectly.
I’ve seen multiple Google Chrome and Firefox add-ons which secretly
perform actions like following a person, liking a page on behalf of your Facebook
profile, etc.

How Browser extension Facebook hack works?


When you visit some malicious websites or webpages, you will be prompted to
install a browser add-on. Once you install the add-on, it will perform all the tasks
defined by the Facebook hacker or attacker who created it. Some primary actions
are posting status updates on your wall, liking a FB page, following a person,
adding you to some Facebook groups, inviting your friends to like a page or join
a Facebook group etc. You may not know these things are happening in your
FB account unless you check your Facebook activity log periodically.

How could you prevent browser extension Facebook hack?
You can monitor your activities using a Facebook feature called Activity Log.
You should not trust any third party website prompting you to add a browser
extension. Install an add-on only if you trust the publisher. Why should you take
the risk if you don’t know the publisher or the intention of the add-on? Always
stay away from these malicious browser extensions.

6 Malicious Facebook Application Hack

All the apps you use on Facebook are owned by third parties and not by Facebook.
Of course there are a few exceptions like Instagram. A malicious application
which requests your permission could do almost all kinds of stuff in your
Facebook profile.

How malicious Facebook application hack works?


Whenever you find a Login using Facebook option on any website, you should
know that it is a third party Facebook application not owned by Facebook.
When you click Login using Facebook, you will be shown a permission dialog
box with the requested permission details. Once you click the okay button, the
requested details can be accessed from FB or the requested actions can be
performed in your FB account on your behalf.

What could a third party application do in your Facebook account?

Post photos and status updates
Share links to your timeline or to any group you belong to
Manage your page
Post on your behalf on the Facebook pages you own
Access your personal information
Access your photos including “Only me” privacy photos; sometimes they can
access your mobile photos using a Facebook vulnerability like the one I
found (don’t worry, it’s completely fixed now).

These are just examples of what could be done. What if the application you are
using is malicious? It could spam your Facebook account with a bunch of
worthless content.

How could you prevent yourself from malicious Facebook application hack?
You should always be aware of what permissions you give to a Facebook
application, even though FB reviews applications’ permission requests. Don’t
give permission to an application if you don’t trust the website or application.

FB Application Permission Dialog Box

You can edit the information that you give to an application in the permission
dialog box (snapshot given above). Also you can review the applications that
have access to your Facebook account here.

7 Facebook Account Hacker Software

You might have seen or downloaded many Facebook account hacker software
programs, but none of them could truly hack a Facebook password. Hacking your
Facebook password is what they actually do.

How Facebook account hacker software works?


People who try to hack a Facebook account usually download software that is
available on various websites. It will collect the password of the victim (the one
who downloaded the software) as soon as it is opened or installed. Some software
prompts you to enter your Facebook username and password, and will store your
password in its database collection of passwords. Other software gains
administrative privilege from you to install a background keylogger to get your
Facebook password.

How could you prevent yourself from Facebook hacking software?
Don’t trust Facebook hacking software. There is no such true hacker software
available on the Internet, as I have said earlier.

8 Malicious Mobile Application

There are a hell of a lot of mobile applications that secretly steal the Facebook
access token from your mobile device. The Facebook mobile app functions through
an API, where the access token stored in your mobile’s internal memory is used for
authentication. It is more like your username and password. So if someone
steals your access token, then they are likely to have full access to your Facebook
account.

How malicious mobile application software works?
The Facebook Application Interface does not require a username or password every
time to get user data; it just needs the secret access token to retrieve a user’s data.
The Facebook mobile app stores the access token in the mobile’s memory. This app’s
part of memory should be accessible only to the application. Mobile apps that
have administrative privilege can access other apps’ data. For example, gaining
admin privilege on a rooted Android phone could allow an application to steal
your Facebook access token. A hacker can do a lot of malicious things if they
get your Facebook access token.

How could you prevent yourself from malicious mobile applications?
Install mobile apps only from trusted publishers.
Don’t root your mobile device.
Log out of Facebook on your mobile device frequently to get your access token expired.
Change your Facebook password frequently.

9 Browser Vulnerabilities
Browser vulnerabilities are security bugs which exist in older versions of mobile
and desktop browsers.

How browser vulnerabilities works in Facebook hacking?
Most browser vulnerabilities are exploited through an older version of the browser,
since all zero days are patched by the browser vendor once they are reported by
researchers around the world. For example, a browser Same Origin Policy
vulnerability could allow a hacker / attacker to read the response of any page like
Facebook and to perform any action in your Facebook account,
since they are able to read the response by accessing the Facebook origin.
Android Chrome SOP bypass by Rafay Baloch is one such vulnerability,
affecting Android webview in Android < 4.4.

How could you prevent yourself from browser vulnerabilities?
You should always update your browser and operating system once an
updated version is available. Keeping an older version always has many risk
factors involved.

10 Self XSS Scam

Self XSS is also known as Self Cross Site Scripting. XSS is basically a web security
vulnerability which enables hackers to inject scripts into web pages used by other
users. What is self XSS then? Self XSS is a kind of social engineering attack
where a victim accidentally executes a script, thus exposing themselves to the hacker.

How Facebook self XSS scam works?


In this method, the hacker promises to help you hack somebody else’s FB account.
Instead of giving you access to someone else’s account, the hacker tricks you
into running malicious JavaScript in your browser console that gives the hacker the
ability to manipulate your account. Facebook hackers use this technique to
add you to groups, add your friends to groups, post on your wall, add your friends
in comments etc.

How could you prevent yourself from self XSS?


Self XSS is something where you let hackers hack your account. Never
ever copy & paste code given by someone into your browser. Otherwise you
will get your Facebook account hacked.

11 Trojan Horses
A Trojan Horse is a malicious program which is used to spy on and control a
computer by misleading users about its true intent. A malware Trojan can also be
called a Remote Key Logger since it records the key strokes of all the applications
on our computer and sends them to the hacker online.

How Trojan Horse Facebook hacking works?


Software you think is legit might be a trojan. A PDF you don’t suspect might
contain a trojan. An avi media file given by someone might be a trojan. Trojan
horses run as a background process, collect information and send it to the hacker.
Trojan horses can be sent in any form through any medium like pen drive, iPod,
website or email. In our topic, the Trojan records the FB password that you have
typed in your browser and sends it to the Facebook hacker over the Internet.

How could you prevent yourself from Trojan?


Don’t install programs from unknown online sources.
Don’t play media files received from unknown source.
Don’t open any kind of files downloaded from untrusted sources.
Don’t insert a pen drive from any suspicious person.
Have updated anti-virus software installed on your computer.

Having updated anti-virus software does not guarantee that you stay safe from
hacking. Basically, anti-virus software is a collection of detected malware and
viruses. Its job is to compare each and every file with its database of viruses.
There is a lot of software which enables us to create undetectable Trojans. But
it is very unlikely that a common man is targeted with undetectable Trojanware. So
having an updated antivirus program is somewhat protective. Don’t forget to
update your anti-virus software once there is an update available.

12 FB Zero Day
A zero day is a security vulnerability that is unknown to the respective software
vendor. In our context, undiscovered Facebook vulnerabilities are called
Facebook Zero Days.

How Facebook Zero Day hacking works?


FB zero day vulnerabilities are very rare since Facebook runs a bug bounty
program where security researchers around the world participate and report zero
day vulnerabilities. A zero day is basically a security loophole that FB is unaware
of. It can be any hack affecting Facebook. There are two types of people who find
zero day vulnerabilities. The first are security researchers and bug hunters, who
make a responsible disclosure about the vulnerability to the software vendor, FB in
our context. The other type falls on the evil side: black hat hackers who find zero
day vulnerabilities don’t disclose them to Facebook and use them for their personal
benefit. A few high severity vulnerabilities discovered in the Facebook
bug bounty program are listed below.

Remote Code Execution in Facebook Server
Hacking any FB account using Phone Number
Facebook account hack using legacy API
FB account hack using brute force method
Deleting any Facebook photos

How could you prevent yourself from Zero Day found by a hacker?
You need not be afraid of a zero day vulnerability affecting FB. As I have said
earlier, zero day vulnerabilities are very rare. In most cases zero day
vulnerabilities are targeted only at influential people and celebrities. It is rare to
target a common man using a zero day vulnerability.

Please feel free to share your comments and feedback. Thank you for bearing all
my poor grammar mistakes
