It is no surprise by now that everyone has a social media account. Facebook, however, is the world’s most renowned social media outlet, with over a billion people on it. That is the reason so many scams aim to gain access to Facebook accounts.
I actually get asked a lot “How can I hack someone’s Facebook Account?” or “Can you hack this Facebook account for me?”. My answer to those emails is a short response, in which I state “I cannot educate you upon the exploitation of Facebook or www.facebook.com. I will not gain unauthorized access of any social media account for any reason.”
Until now.
Here, I will show you the methods other “Hackers” are using to gain access to your Facebook page, and how to keep yourself from becoming a victim.
Our first method of gaining access to your Facebook credentials is by means of “Phishing”. No, don’t go get your tackle box and head to the lake.
In order for a hacker to perform a Phishing attack on anyone, they need a hosting service. Free hosting services are available from 110MB or Byet Internet Services.
Once the attacker has set up a free false hosting account, they need only 3 files: login.php, Phishing.php, and passwords.txt. These scripts are set up and programmed so that they resemble the Facebook login page. Once you land on the fake Facebook login page, which is login.php, you would log in as you normally do, with your email and password. Now Phishing.php kicks in and stores the information in a specific location on the hosted server. passwords.txt starts out blank and fills up as people enter their information.
Now when the attacker/phisher has these three files uploaded on their new server, they send the URL (“fakebook.com/login.php”) to a victim via email.
When you get the initial email, it may have some verbiage stating something such as:
“We have noticed some illegal activities with your Facebook Account. Please use this link to log in and correct the actions.”
or
“Please follow us on Facebook, by clicking here”.
While those are the short versions of what may be included in your email, the main goal is to get you to open the email and log in to Facebook on their fake Facebook login page. Once you have complied with their requests, they have control over your entire Facebook page.
Now that we know how they can gain access to your Facebook page, let us review how you can prevent your information from going onto their server, and how you can trace them and report the criminals to local authorities.
Step one in the investigation is to open the link. Any time you visit Facebook, the URL to log in is and always will be https://www.facebook.com/?_rdr=p. When you open the link, if the URL does not match the one above, or you get something like www.fakebook.com/login.php, then you know that it is a fake link. Don’t log in! Even though it is set up to resemble the exact Facebook login page, don’t log in.
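The URL comparison described above can also be done mechanically. The following is an added example, not part of the original article; the function name, the sample links other than the two quoted in the article, and the choice to accept any facebook.com subdomain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "facebook.com"   # assumption: the only site this check accepts

def link_problems(url):
    """Return the reasons not to log in; an empty list means the link passes."""
    if "://" not in url:
        url = "http://" + url     # a bare "www.site/page" link is not https
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    if parts.username is not None:
        # In "https://www.facebook.com@other.site/" the browser goes to other.site
        problems.append("text before '@' is not the host")
    # Exact match or a true subdomain only; a substring test would wrongly
    # accept lookalikes such as "facebook.com.login.example".
    if host != TRUSTED_DOMAIN and not host.endswith("." + TRUSTED_DOMAIN):
        problems.append("host is %r, not %s" % (host, TRUSTED_DOMAIN))
    return problems

# Constructed sample links; the first two are the ones quoted in the article.
SAMPLES = [
    "https://www.facebook.com/?_rdr=p",
    "www.fakebook.com/login.php",
    "https://facebook.com.login.example/login.php",
    "https://www.facebook.com@fakebook.com/login.php",
]

if __name__ == "__main__":
    for link in SAMPLES:
        found = link_problems(link)
        print("OK  " if not found else "FAKE", link, found)
```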
Now there are two effective ways of tracing the phisher. You will need both methods, and you will need to record the information (screenshots work best) so you can report it to local law enforcement. From there they will push it to other law enforcement agencies, which can include the FBI if there are several reports about the same phisher.
When you first see that the URL bar does not show the original Facebook URL, I would copy the entire URL and use a WhoIs service. WhoIs allows you to find the information regarding the person who bought the Domain Name (URL). I would use WhoIs.Net for my domain name searches.
Once I have a record of who purchased the domain, I would take a screenshot (or use my camera phone) and save that. This will be helpful for the authorities later in their investigation.
Now, going back to the initial email. If you are using Google, this is a snap. Open the email, and in the upper far right corner of the email itself is a dropdown section. This allows you to select “See full header”. Basically, this will bring up a small window showing you the IP address and the time stamp of the email as it was sent from one location and received at your location. Again, this is another important aspect of the research, so take a screenshot or use your camera.
Now that you see the full header, you can simply copy the entire alien language that you see. Now we can easily use an online script service that allows us to find the exact IP of the sender. I use ArulJohn.com for the headers. Now we will receive an IP address. For our last step in tracing, we can use another online service to trace the IP address. I personally use GEOBytes. It is easy and quick. The results are 100% effective, or at least on the 250+ IPs I have run through there.
Now you will see the sender’s information such as Country, State, City/town, Address, network carrier, etc. This is extremely helpful to law enforcement, so we will take one more screenshot.
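To show what the online header tools are reading out of that "alien language", here is an added example (not part of the original article) that walks the Received lines of a full header and lists the public IP and time stamp of each hop, oldest first. The header text, addresses and function names are constructed for illustration; only the Received lines added by your own mail provider are trustworthy, since older ones are written by the sending side.

```python
import email
import ipaddress
import re

# Constructed sample header for illustration (documentation IP ranges).
RAW_HEADER = """\
Delivered-To: victim@example.com
Received: by 10.0.0.5 with SMTP id abc123;
        Mon, 01 Jan 2024 10:00:05 -0800 (PST)
Received: from mail.fakebook.example (mail.fakebook.example [203.0.113.45])
        by mx.example.com with ESMTP id xyz789;
        Mon, 01 Jan 2024 10:00:03 -0800 (PST)
Received: from [192.168.1.20] (unknown [198.51.100.7])
        by mail.fakebook.example with ESMTPSA;
        Mon, 01 Jan 2024 18:00:01 +0000
From: "Facebook Security" <security@fakebook.example>
Subject: Illegal activities with your Facebook Account

"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Internal ranges never identify a sender on the internet, so skip them.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def received_hops(raw):
    """Return [(ip, timestamp)] per Received header, oldest hop first."""
    msg = email.message_from_string(raw)
    hops = []
    # Each server prepends its own Received line, so the last one is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        value = " ".join(value.split())            # unfold continuation lines
        stamp = value.rsplit(";", 1)[-1].strip()   # date follows the last ';'
        for text in BRACKETED_IP.findall(value):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:                     # e.g. [999.1.1.1]
                continue
            if not any(ip in net for net in INTERNAL):
                hops.append((str(ip), stamp))
                break
    return hops

def likely_origin(raw):
    """Oldest public IP in the chain, or None if no hop exposes one."""
    hops = received_hops(raw)
    return hops[0] if hops else None

if __name__ == "__main__":
    for ip, stamp in received_hops(RAW_HEADER):
        print(ip, "|", stamp)
```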
Awesome. Now that you have this much information, you can print it out, put it on a thumb drive, or send it via email to the officer you talked to about the phisher.
So let us recap. We have an unknown email saying that we need to log into Facebook, and it provides us with a link. We know that Facebook is secure by using https, and does not have any fake names (“Fakebook”). We know how to trace the Domain Name (“URL”), and how to obtain and trace the IP of the original email. Now we can take all of that information and get it to local law enforcement. The sooner they have that information, the faster they can catch this phisher.
While there are a few other ways to obtain your login information, such as Facebook.exe (a program that uses Facebook from a program on your Windows Desktop instead of going to the browser), we have learned the biggest means of Facebook Phishing and how we can prevent ourselves from being a victim.
Another great way to protect yourself on Facebook is to enable 2 part login. This means that when you (or someone else) log in to Facebook on a new computer, browser, IP, etc., your phone will go off telling you to input the code given. You type the code into the page where it asks, and you will then have access to your Facebook account. It is also recommended that you log out of every session, except on the computer and the phone that you use on a daily basis.
Great article! But 2 part logins always fail for me. I use Linux Mint on my laptop, and if I enable 2 part logins, I’m always told to put in a code sent to my phone. Even Google Mail “thinks” several times a week that me logging in from Linux is an oddball occurrence.
Last week I received a notification that claimed it was from Facebook. It said there was a complaint against me and my profile picture. My friend told me to check my security and get a new account.