Facebook has become an essential part of our daily life. We share our life
moments, photos, videos and text msgs on Facebook. But, when it comes to
your privacy and security, you can never be sure on the internet.
Facebook and similar websites try their best to ensure the user’s
privacy and security but there are still many issues that can cause the
hacking of Facebook accounts.
So let’s not ignore this and try to understand how a hacker can hack
the Facebook accounts and let’s understand how to safeguard Facebook
accounts against hackers.
Top 10 Methods used By Hackers For Hacking Facebook Accounts
1. KeyLogging
Keylogging is one of the easiest ways to hack a Facebook account. A
keylogger is a program that records and monitors the user’s input and
keeps a log of all keys that are entered. The keylogger can actively
send your inputs to hackers via the Internet. You have to be very
careful while dealing with keyloggers because even the computer experts
become victims of keylogging.
How to detect Keyloggers?
- Scan your USB drives before using them
- Download software from trusted sites only
- Use a good antivirus
2. Phishing
Phishing is very easy and considered as n00b technique but it is one
of the most effective techniques of Hacking a Facebook account. There is
50-50 chance for a hacker to get victims password using Phishing if
your victim is not aware of basic internet terminologies. There are
various ways of carrying out a phishing attack. The most common one is
where a hacker creates a replica of a login page which looks like the
real Facebook page. The victim will then think it’s the usual login
The most common Phishing to create a duplicate of a login page which
looks like the real Facebook page. The victim thinks it’s the usual
Facebook login page so he enters his login details in phishing page.
Once the victim is logged in through the fake page, the email address
and password are stored in a text file or in hacker’s database.
How to detect Phishing Page?
- Check URL of the login page.
- Never login your Facebook account on other devices.
- Use Modern web browsers that identify the phishing page.
- Avoid emails or text msgs that ask you to log into your Facebook account.
3. Session hijacking
When you log in to your Facebook account, your browser and the
facebook’s server maintains a session for user authentication. The
session details are saved in your browser’s cookie files. In session
hijacking, the hacker steals those cookies and then access the victim’s
account. Session hijacking is most common when accessing Facebook on an
HTTP (non-secure) connection and it is widely used on LAN and Wi-Fi
connections.
How to avoid Session Hijacking
- Do not use Facebook when connected to shared Wi-Fi or LAN.
- Try to clear cookies every 2-3 days or if possible daily
4. Saved passwords
Most of the time we share our login and credit card details in the
web browser. Anyone can see your Facebook account from your browser’s
password manager. A hacker can get physical access to your computer and
insert a USB programmed to automatically extract or retrieve saved
passwords in the Internet browser or any other information the hacker
may need.
How to avoid Password Hacking?
- Try not to save passwords in web browsers
- Do not share your device with people
- Block the device connectors
5. Sidejacking with Firesheep
Firesheep is a tool that used to carry out sidejacking attacks. It
only works if the victim is connected to the same Wi-Fi. It is similar
to session hijacking but it only works in Wi-Fi networks.
How to avoid Sidejacking
- Do not use Facebook when connected to a public Wi-Fi network.
6. DNS spoofing
If a hacker is on the same network which is connected to the Victim,
he can change the original page and replace it with his own fake page
and easily gain access to the victims Facebook account.
How to Avoid DNS Spoofing?
- Always configure it to be secure against cache poisoning
- Manage your DNS servers securely
7. Man in the middle attacks
In this method, the hacker secretly relays and possibly alters the
communication between the server and victim who believe they are
directly communicating with each other.
The hacker makes independent connections with the victims and relays
messages between them to make them believe they are talking directly to
each other over a private connection, when in fact the entire
conversation is controlled by the hacker.
The Hacker must be able to intercept all relevant messages passing
between the two victims and inject new ones. This is straightforward in
many circumstances; for example, an attacker within reception range of
wireless access point can insert himself as a man-in-the-middle.
How to avoid MIME attacks?
- Use VPN services
- Use a proxy server to access the internet
- Use good antivirus with good firewall options
8. Social engineering
Social engineering is a simple method that’s based on collecting as
much info from the victims as possible. The information may include the
date of birth, phone number, security questions etc. Once a hacker gains
access to this info, he can brute force the info or use recovery
methods to get login passwords.
How to avoid Social Engineering
- Never share personal info via email or phone
- Avoid links from unknown or suspicious sites
9. Botnets
Basically, botnets are networks made of remote-controlled computers
or bots. These bots have been infected with malware that allows them to
be remotely controlled. It’s expensive to set up botnets and this makes
them be minimally used in cases of hacking Facebook accounts. Some very
popular botnets include spy eye and Zeus.
How to avoid Botnets
- Keep all your software up to date
- Ensure that your firewall is always on
10. Email ID hacking
With this method, the hacker only needs to access the connected email
id of any account and then reset the Facebook password manually.
How to avoid email ID hacking
- Enable 2 step authentification in your Gmail account
- Use strong passwords
- Avoid entering email on scrupulous sites
