Of the many requests I have gotten as a web designer, a large chunk usually come from scammers. What do they want? They want me to help them hack into Facebook profiles. Knowing how this works will help you secure your accounts even further.
For the record, I have never developed, do not develop and will not develop phishing websites. This is for educational purposes.
Phishing is a method of illegally taking people’s personal data, such as passwords, bank card numbers, and other information. Knowing the mechanism involved will help you identify one when you see it.
The simple way hackers get access to your password is by using HTML & PHP. They use the source code of the Facebook login page to develop what looks like a Facebook login page. Within the HTML, they link a PHP script that picks up your username and password if you ever type them on the login page.
Your username and password are saved to a TXT file, so they can just open the text file and see your username and password. This is a simple thing to do with a little working knowledge of HTML & PHP.
Now, they get you to log in by sharing the link with you. For example, you may see stuff like “LEAK: See how Davido & Tonto Dikeh spent the night after Night of Thousand laughs” and because you are too carried away by irrelevant gossip, you’d click on the link to see!
On opening it, you may see what looks exactly like a Facebook login page that says “you must log in first”. Because it looks exactly like the Facebook login screen, and if you don’t check the address in the URL bar, you may put in your login details, which submits your private information to the hacker.
This is the mechanism: the HTML code gives you the login page, and the PHP code collects your password and drops it into the TXT file. It’s not rocket science and these hackers aren’t more intelligent or smarter than you.
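The look at the URL bar that catches such a page can be written out as code. This is an added example, not part of the original post; `TRUSTED_DOMAINS`, `checkLoginUrl` and the sample URLs are constructed for illustration.

```javascript
// Added example: decide whether a link really points at Facebook before a
// password is typed. TRUSTED_DOMAINS is an assumption made for this sketch.
const TRUSTED_DOMAINS = ["facebook.com"];

function checkLoginUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // throws on text that is not an absolute URL
  } catch {
    return { trusted: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not HTTPS" };
  }
  // hostname is lowercased and excludes any "user@" part placed before the
  // real host; a trailing dot is stripped so "facebook.com." compares equal.
  const host = url.hostname.replace(/\.$/, "");
  // Non-ASCII lookalike letters are converted to "xn--" labels by the parser;
  // report them separately so the reason is visible.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, reason: `internationalised host ${host}` };
  }
  // Exact match, or a real subdomain. The leading "." matters: without it any
  // domain that merely ends in the letters "facebook.com" would pass.
  const ok = TRUSTED_DOMAINS.some((d) => host === d || host.endsWith("." + d));
  return ok
    ? { trusted: true, reason: `host ${host} belongs to a trusted domain` }
    : { trusted: false, reason: `host is ${host}, not a trusted domain` };
}

// Constructed sample links (not real indicators).
const SAMPLES = [
  "https://www.facebook.com/login",
  "http://www.facebook.com/login",
  "https://facebook.com.login-verify.example/login",
  "https://facebook.com@login-verify.example/",
  "https://faceb00k.example/login.php",
];

for (const link of SAMPLES) {
  const result = checkLoginUrl(link);
  console.log(result.trusted ? "OK   " : "BLOCK", link, "->", result.reason);
}
```

Only the first sample passes; the others are rejected because the part of the address that decides where the password goes is not facebook.com.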
Your card details can also be taken this way. You may see stuff like “click here to win airtime” or “click here get instant #5,000”. Every single detail you give these people can be used.
If you have activated two-factor authentication, or they are trying to change your code, you may get a call like “hello Sir, you’ve been selected as a winner of Facebook iPhone promo. A code has been sent to you and it is your winning code, please call the code so I proceed with sending your winnings.” There are many formats, but they will eventually request a code.
How to ensure your Facebook account is safe:
Update your phone number and emails on Facebook and your other social media handles.
Stop using emails and phone numbers you no longer have access to. When something goes wrong with your account, you may lose it forever.
More security measures:
- Update your Social Media Details
- Verify your phone number and email
- Change your passwords and log out of all previous devices.
- Activate TWO-FACTOR AUTHENTICATION
- Set up a legacy account (add the account of someone you trust who will always help you retrieve your account)
- Don’t log into your social media accounts using public devices or even a friend’s device.
- If you must use a friend’s device or a public device, always use the incognito tab on browsers and ensure you close the tab before leaving.
- When you click on a link and it prompts you to put in your Facebook password or requires access to your Facebook account, close it immediately! In general, click only on links you trust.
- When you receive any call requesting a code that was sent to you, never give it out. You are free to shout “thief!” into their ears and hang up the call.
- Don’t procrastinate… Review and update your details now!
HOW TO RETRIEVE A HACKED FACEBOOK ACCOUNT
- You may need to visit here and follow the prompts
- If your phone numbers and emails have been changed by the hacker, you’ll need to go back to the last message that was sent to your email by Facebook concerning a login. Click on the link that says “click here if it wasn’t you”. If you no longer have access to that email, that may mean losing your account forever if you also don’t have a legacy account.
I hope someone found this useful?