One of the easiest ways to hack a Facebook account is called phishing. It’s so popular that it always ends up on top of search results when you search for Facebook hacking techniques. Even though Facebook is rather safe, websites such as Hayy are nevertheless able to hack a great deal of accounts. Simply put, a “phisher” is a fake login page. Hackers create these pages to dupe an unsuspecting account holder into parting with his account information.
Phishing is usually done by way of emails. You might have seen an example of this yourself. You may recall at one point receiving an email that supposedly came from Facebook or another similar site. It would say that there have been some recent security breaches and that your account may have been affected. It would go on to suggest that you change your password to ensure that your account stays safe and secure. Then a link is listed to “redirect” you to the login page.
Usually, these links look nothing like your usual Facebook URL. But if you click on them, the page does look exactly like Facebook. So you may feel that something is off, but you really can’t identify where the problem may be. So you go ahead and do what’s asked. You enter your login credentials. After submitting, you’re either sent to another page that also looks quite legit, or you’re told that there’s an error with the submission and to just do it again.
You may not be fully aware, but you’ve just given out your username and password to a hacker.
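A defender's check for the link mismatch described above, as an added example that is not part of the original article: it parses a link and reports whether its real host belongs to the site it claims to be. The function name `check_link`, the `TRUSTED_DOMAINS` allowlist and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the registrable domains you accept as the genuine login site.
TRUSTED_DOMAINS = ("facebook.com", "fb.com")


def check_link(url: str) -> str:
    """Return 'ok' or a short reason why the link should not be trusted."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops userinfo and port and lowercases the name.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "unparseable URL"
    if parts.scheme != "https":
        return "not https"
    if not host:
        return "no hostname"
    if parts.username is not None:
        # Text before '@' is userinfo, not the site being contacted.
        return "userinfo before '@' hides the real host: " + host
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "internationalised lookalike host: " + host
    for domain in TRUSTED_DOMAINS:
        # Match on a label boundary so 'notfacebook.com' does not pass.
        if host == domain or host.endswith("." + domain):
            return "ok"
    if any(domain in host for domain in TRUSTED_DOMAINS):
        return "trusted name used as a decoy inside another host: " + host
    return "untrusted host: " + host


# Constructed sample links; none refer to real phishing sites.
SAMPLES = [
    "https://www.facebook.com/login.php",
    "https://m.facebook.com./",
    "http://www.facebook.com/login",
    "https://www.facebook.com@login.example/",
    "https://facebook.com.account-check.example/login",
    "https://notfacebook.com/",
    "https://xn--facebok-y0a.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{link:52} -> {check_link(link)}")
```

The same comparison applies when reading a link by eye: only the host immediately before the first single `/` matters, read from right to left.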
But email phishing attempts like these aren’t the only ways to fool you into willingly parting with your information. There are also those ads that excitedly proclaim you’ve won something. When you click on them, you’d be asked to enter your details so you can “claim” your prize. Except nothing really happens. There are also those links within Facebook itself, saying your friend so and so is involved in a really scandalous and salacious video. For you to “view” the said video, you’d again have to enter your details. This is regardless of the fact that you’re already logged in.
Again, there are many ways to phish for information. And it all starts with the creation of one fake page.
1. First, you will need a fake login page for Facebook and a PHP script to redirect and capture your intended victims’ passwords. Files of this type can be downloaded from the internet. For the purposes of this demonstration, we are using one from ziddu.com.
2. After downloading the files you need (that would be fake.html and login.php), make sure you get the password.
3. Open login.php in Notepad.
4. Hit Ctrl + F and look for the term www.enteryoursite.com
5. Replace this with the site address where you want your victims redirected to.
6. Save the file.
7. Create a free web hosting site. The more common ones people use are 110mb.com, T35.com and ripway.com.
8. Upload the files to your chosen hosting account.
9. Send the fake.html link to the intended victims.
Once the victim enters his data on the fake login page and clicks login, he will be redirected to the site the hacker created. On this note, it’s important to advise the use of a proper site for the redirect. Otherwise, he will get suspicious.
Anyway, after all the credentials have been entered, they will all be made available on the hosting account. On the site 110mb.com for example, a new file named “log.txt” will appear. Once you open it, you will see the victim’s user name and password listed.
And that is how a fake login page lets you hack a Facebook account.