Desktop facebook phishing page: Step 9:Once the target logins to the website you will see the following file called username.txt in the file manager as shown below: Step 10: Open the file to see the email id and password of the account. Here I used: sas and sas as my facebook email and facebook password. Viola, you have successfully hacked. Phishing is when someone tries to get access to your Facebook account by sending you a suspicious message or link that asks for your personal information. If they get into your account, they may use your account to send spam. Change your Facebook password It's possible your Facebook woes are coming from the result of a phishing scam. Someone may have created a fake website that looks like Facebook or another online. Phishing otpbypass otp-phishing otp-verification informationgathering iplocator advancephishing latest-phishing zomato-phishing ola-phishing paytm-phishing hotstar-phishing ubereats-phishing facebook-otp amazone-tfo google-otp linkedin-otp paytm-otp whatsapp-otp tiktok-phishing.
Phishing is the most commonly used method to hack Facebook. The most widely used technique in phishing is the use of Fake Log in Pages, also known as spoofed pages. In this post, you will learn about what is phishing, phishing attack, types, and techniques, how we can prevent such attacks and phishing facebook page.
You Can Also Read
What is Phishing?
It is the most common method used by hackers to hack accounts and an example of social engineering techniques that are used to deceive users. A phishing attack can be used to hack any type of accounts (almost most of the accounts can be hacked using this technique).
Phishing is a fraud and illegal activity used to obtain some bank account credentials, social account username, email address and passwords, credit card and many more fraud activities.
Hackers create a fake phishing page that looks like the original official website and due to this many people enter their information.
Hackers mainly use email messages, Instant messaging platforms like Facebook, WhatsApp, WeChat, Hike, etc. to send the links for hacking your passwords.
In a survey, It is found that phishing is one of the most common techniques used by hackers to hack accounts and the success rate of this technique is high. But nowadays people are getting aware of this techniques but we need to update ourselves from time to time from the latest hacking methods.
Suggested: Increase real Instagram followers using this tool for free
Phishing Attack
The phishing attack is one of the dangerous fraud activities that can steal your important and sensitive information such as credit cards, social accounts, website admin passwords, etc.
A phishing attack can be used for different purposes like hacking facebook account, Instagram account, credit card numbers, bank account information, and for many other purposes.
![Phishing Facebook Account Phishing Facebook Account](https://hoax-slayer.net/wp-content/uploads/2017/06/recieved-payment-apple-phishing-scam.jpg)
Facebook phishing scams are widely used and it is the easiest method of hacking someone’s account. These fake login pages look like the original login pages of sites like Yahoo, Gmail, MySpace, etc. The victim is fooled to believe the fake Facebook page to be the real one and enter his/her password. But once the user attempts to log in through these pages, his/her Facebook login details are stolen away.
You can make any type of phishing login page to hack facebook using phishing. It is a criminal offense and illegal activity so don’t try to anyone. You can try this on your own account or system to learn this technique but do not try it on anyone else.
Suggested: WiFi hacking complete tutorial guide – Hack nearby WiFi password using this tool
Types & Techniques of Phishing
Types and techniques that are commonly used in this type of attack.
Social engineering
In this technique, users can be encouraged to open attachment or links send to their email address or on instant messaging. When users open this link or attachment they got infected by a virus or hacked.
Clone phishing
Clone phishing is a kind of phishing attack whereby a genuine, and recently conveyed, an email containing a attachments/link has its substance and beneficiary address taken and used to make a practically indistinguishable or cloned email.
The link inside the email is supplanted with a malevolent form and after that sent from an email address parodied to seem to originate from the first sender.
It might profess to be a resend of the first or a refreshed variant to the first. This strategy could be utilized to turn from a recently tainted machine and addition and a dependable balance on another machine, by abusing the social trust related to the induced association because of the two gatherings accepting the first email.
Voice phishing
Voice phishing is a good example that not all phishing attack requires to create a fake page of a website to get users password and email ID. In this phishing attack, hackers sent a message to your phone that claims to be from the bank, in which it says that you have some problems related to the bank account and you need to dial a customer number (customer number will be given in your message) to fix the problem.
But this message does not belong to the official bank. It is a trap to get your account bank number and password. When the user dials this number (hackers number which users may think official bank number), Hackers told users to enter their account numbers and PIN.
This type of phishing attack is called voice phishing. This phishing attack is done using VOIP.
Suggested: 3 techniques to hide Your IP Address
Spear phishing
In this phishing attack, hackers target specific individuals by collecting personal information and data of the individuals to increase their chances of success.
Other techniques
- Link manipulation
- Whaling
Suggested: 10 Best educational apps for students – Learning apps to Learn new things
How to prevent Phishing attack
1. Unknown mails
Do not open unknown email messages or links.
2. Attachments
Do not click or download any unknown attachment send by someone in your mail. If you know that the file is safe then you can open it.
3. Two-Step Verification (2-Step Verification)
Always use 2 step verification for all of your accounts such as Gmail, Facebook, WhatsApp. Two-step verification protects you from hackers. Even if they successfully hacked your account they can’t log in to your account. They need to enter the digit code which will be sent on your phone.
4. Antivirus
Use good antivirus software, It can help you to protect all your sensitive information by detecting the virus, fraud links, phishing attack, ransomware attack, etc.
Antivirus also protects you when you are doing some online activities. If the antivirus found some potentially dangerous websites that can steal your information. It will automatically block such websites and files from the Internet.
5. Check the URL
Check the URL of the website before entering any information. A phishing page will look like a real one but you can easily identify them by checking the URL.
6. Do not share OTP
Do not share your bank OTP with anyone or do not enter any sensitive information such as bank account number and password over the voice call.
7. Game links
If your friend sends you a link and invited to play a game then before entering any information check that the link URL is real or fake one.
8. Do not login to your social media accounts using Email links
Do not log in to your account social media account using the mail message as it can be a hacking link to trick you and get your password.
You can find more tips to prevent yourself from hacking.
See Also:
phishing is a criminal offense and illegal activity so don’t try to anyone. This tutorial is for educational purpose.
For any help, you can leave a message on the Facebook page.
Facebook has had a tough time lately: Cambridge Analytica (and others), disinformation campaigns, data breaches – the bad news seems to be coming thick and fast. Unsurprisingly the security of our once loved social media staple has come under scrutiny.
Despite falling out of favor with the public, Facebook is still the dominant social media platform boasting over two billion active monthly users, and that’s excluding Instagram, Messenger and Whatsapp.
With so many people using the platform, it’s important to consider the security concerns of users, and by extension businesses, and how threats can be mitigated.
Despite falling out of favor with the public, Facebook is still the dominant social media platform boasting over two billion active monthly users, and that’s excluding Instagram, Messenger and Whatsapp.
With so many people using the platform, it’s important to consider the security concerns of users, and by extension businesses, and how threats can be mitigated.
Why should businesses be concerned about Facebook?
As a business owner or IT professional, you’re probably thinking Facebook isn’t really an issue for your organization, you’ve blocked it on the network, what harm can it do?
Well, there are direct and indirect threats.
Regardless of the demographic of your workforce, it’s likely that the majority of your employees will have a Facebook account. Being cynical, this itself could put your organization at risk.
It’s amazing how much information people are willing to divulge in a very public forum. You can find out people’s jobs, current location, education, political beliefs, interests, birthdays, family and relationships, the list goes on.
Without the right privacy and security settings in place, it is very easy for a hacker to do some reconnaissance work, join up social media profiles and devise a phishing attack tailored to the individual. There are examples of a simple status update leading to users’ being extorted, threatened at gunpoint and their houses being robbed. Yes, these are civil examples, but it could be easily applied to the corporate environment.
Businesses need to make sure employees aren’t inadvertently giving away any sensitive information – something that needs to be factored into an organization’s wider security and social media policy.
Well, there are direct and indirect threats.
Regardless of the demographic of your workforce, it’s likely that the majority of your employees will have a Facebook account. Being cynical, this itself could put your organization at risk.
It’s amazing how much information people are willing to divulge in a very public forum. You can find out people’s jobs, current location, education, political beliefs, interests, birthdays, family and relationships, the list goes on.
Without the right privacy and security settings in place, it is very easy for a hacker to do some reconnaissance work, join up social media profiles and devise a phishing attack tailored to the individual. There are examples of a simple status update leading to users’ being extorted, threatened at gunpoint and their houses being robbed. Yes, these are civil examples, but it could be easily applied to the corporate environment.
Businesses need to make sure employees aren’t inadvertently giving away any sensitive information – something that needs to be factored into an organization’s wider security and social media policy.
Fake Facebook Profiles
Much of the fraudulent or ‘inauthentic activity’ on Facebook can be attributed to fake profiles and pages. They’re a nuisance and continual problem for the platform.
In Q1 of 2018, Facebook removed 583 million fake profiles, that’s almost 6.5 million per day.
The Facebook newsroom is awash with press stories about how they’re battling coordinated inauthentic activity in countries like Brazil, Iran and Myanmar, activity that spreads propaganda and political unrest throughout these nations. Despite success with state-level campaigns, the threats affecting the wider user base are failing to be addressed.
Everyday we see stories in the news about new phishing attacks on Facebook, the vulnerable targeted and exploited. Better policing of bad actors is a must and without it, Facebook’s already tarnished reputation will continue to be damaged.
Facebook is well aware of the need to do more, but users cannot absolve themselves of responsibility, they need to practice safe browsing habits and approach online interactions with a healthy amount of scepticism. Firstly, users need to know how to identify a fake Facebook profile.
In Q1 of 2018, Facebook removed 583 million fake profiles, that’s almost 6.5 million per day.
The Facebook newsroom is awash with press stories about how they’re battling coordinated inauthentic activity in countries like Brazil, Iran and Myanmar, activity that spreads propaganda and political unrest throughout these nations. Despite success with state-level campaigns, the threats affecting the wider user base are failing to be addressed.
Everyday we see stories in the news about new phishing attacks on Facebook, the vulnerable targeted and exploited. Better policing of bad actors is a must and without it, Facebook’s already tarnished reputation will continue to be damaged.
Facebook is well aware of the need to do more, but users cannot absolve themselves of responsibility, they need to practice safe browsing habits and approach online interactions with a healthy amount of scepticism. Firstly, users need to know how to identify a fake Facebook profile.
How to spot a fake profile on Facebook?
Ultimately, social media was designed for networking, in fact, part of Facebook’s mission statement is ‘to bring the world closer together’. At some point, users will bump into stranger profiles, that’s the nature of the platform, so it’s important to be able to identify the characteristics fake profiles tend to have:
- Use of other people’s photos and information
Using other people’s photos and information is a common tactic of fake Facebook profiles, after all, the idea is to operate under an alias. Photos are usually the biggest giveaway tending to be attractive headshots, celebrities or terribly generic stock photography. There’s an easy way to work out if the photos are legitimately tied to that account.
We stumbled across this Facebook profile on a dating site’s Facebook page:
Doing a reverse image search for a couple of photos on the profile, it was very apparent that the photos were of a model.
2. Name in URL doesn’t match the name of the Facebook profile
On setting up your Facebook profile, your URL will be your Facebook ID and should look something like this:
Like with everything else on Facebook, you can customize your URL Having a URL that is incongruent with the profile name could be a warning sign that it is a fake or hacked account. For example, the name of the profile below is Sarah Collins, but the name in the URL is Oking Akin.
3. Dubious profile information
It’s rare that you stumble across a profile that is ‘complete’, Facebook has so many fields, it’s hard to keep up. However, you should be wary of inconsistencies in profile information. This is the intro box for another Facebook profile we found:
This particular account works at modelling agencies in South Africa, studied in Australia and lives in California. She might be an international jet setting model seeking love on Facebook, but it is unlikely.
4. Irregular profile timeline / history
With any account, there are likely to be gaps in activity and history, but users need to lookout for inconsistencies. One profile we found went to university prior to going to high school.
We stumbled across this Facebook profile on a dating site’s Facebook page:
Doing a reverse image search for a couple of photos on the profile, it was very apparent that the photos were of a model.
2. Name in URL doesn’t match the name of the Facebook profile
On setting up your Facebook profile, your URL will be your Facebook ID and should look something like this:
Like with everything else on Facebook, you can customize your URL Having a URL that is incongruent with the profile name could be a warning sign that it is a fake or hacked account. For example, the name of the profile below is Sarah Collins, but the name in the URL is Oking Akin.
3. Dubious profile information
It’s rare that you stumble across a profile that is ‘complete’, Facebook has so many fields, it’s hard to keep up. However, you should be wary of inconsistencies in profile information. This is the intro box for another Facebook profile we found:
This particular account works at modelling agencies in South Africa, studied in Australia and lives in California. She might be an international jet setting model seeking love on Facebook, but it is unlikely.
4. Irregular profile timeline / history
With any account, there are likely to be gaps in activity and history, but users need to lookout for inconsistencies. One profile we found went to university prior to going to high school.
- Posting of low quality content
Browsing the Facebook pages of online dating services, the fake accounts demonstrated a clear pattern of behaviour – public introductions and announcements that they are looking for a relationship. By themselves, the comments may seem fairly innocuous, however, when digging into the profiles and comparing to other activity, it becomes very apparent.
What are the most common phishing scams on Facebook?
Romantic Scams
Romance scams are by no means new, nor are they isolated to Facebook, but Facebook is a platform that is perfect for scammers conducting this type of phishing attack.
The online dating market has proliferated over the past few years; people have become far more comfortable with the concept of it and the stigma seems to have dropped. Online dating companies like Tinder, Match.com and Bumble have emerged creating their own applications and websites to cater to their users, and in tow, sizeable social media presences.
Less ‘official’ groups and pages have cropped up to cater to a wider range of dating preferences.
The nature of social media and online dating services means there’s a blur between the two, both are inherently social and rely on interactivity between users.
So, we went on a hunt for fake accounts to see what we could uncover.
Sifting through the comments of Tinder’s Facebook page, we noticed signs that fake profiles were at work. In the context of the page, the below comment may seem fairly innocuous, but something seemed a little phishy, so we dug into the profile.
The profile itself has all the traits of a fake account: limited timeline of activity and information, duplication of photos, interests very focused on dating and truck drivers and is also based in Texas, which has been identified as a hotbed for romantic scams in recent history.
On doing a reverse image search for one of the photos on the account, you can see that the profile’s image has been indexed with a Twitter account, and features on related accounts, increasing the likelihood that this is a fake profile…
It didn’t take long to find this fake account, nor was it the only instance. We had a look through the comments section and stumbled across several more:
The Match.com Facebook page suffers from the same issue. A quick scan of the comments on the page and we found this profile:
On face value, these profiles may seem rather harmless. merely contributing to an ever increasing amount of inane chatter on the platform, however, they may be just the precursor to setting up accounts for online dating apps like Tinder, Happn and Bumble, all of which use Facebook to pull information and authenticate users.
Typically, romance scams are a form of social engineering attack that seek to gain the trust of their targets, and then manipulate them into handing over money, gifts or sensitive information. Be wary of users who:
The online dating market has proliferated over the past few years; people have become far more comfortable with the concept of it and the stigma seems to have dropped. Online dating companies like Tinder, Match.com and Bumble have emerged creating their own applications and websites to cater to their users, and in tow, sizeable social media presences.
Less ‘official’ groups and pages have cropped up to cater to a wider range of dating preferences.
The nature of social media and online dating services means there’s a blur between the two, both are inherently social and rely on interactivity between users.
So, we went on a hunt for fake accounts to see what we could uncover.
Sifting through the comments of Tinder’s Facebook page, we noticed signs that fake profiles were at work. In the context of the page, the below comment may seem fairly innocuous, but something seemed a little phishy, so we dug into the profile.
The profile itself has all the traits of a fake account: limited timeline of activity and information, duplication of photos, interests very focused on dating and truck drivers and is also based in Texas, which has been identified as a hotbed for romantic scams in recent history.
On doing a reverse image search for one of the photos on the account, you can see that the profile’s image has been indexed with a Twitter account, and features on related accounts, increasing the likelihood that this is a fake profile…
It didn’t take long to find this fake account, nor was it the only instance. We had a look through the comments section and stumbled across several more:
The Match.com Facebook page suffers from the same issue. A quick scan of the comments on the page and we found this profile:
On face value, these profiles may seem rather harmless. merely contributing to an ever increasing amount of inane chatter on the platform, however, they may be just the precursor to setting up accounts for online dating apps like Tinder, Happn and Bumble, all of which use Facebook to pull information and authenticate users.
Typically, romance scams are a form of social engineering attack that seek to gain the trust of their targets, and then manipulate them into handing over money, gifts or sensitive information. Be wary of users who:
- come on too strong, shower you with love and affection in a short amount of time
- attempt to move the conversation to a private channel and away from the original domain
- ask a lot of personal information, yet reluctant to give much away themselves
- is unwilling to meet face to face, video calls and dodges in real life conversations
- invents a reason for you to send money or gifts.
Giveaway & Prize scams
People love free stuff, that’s why giveaways are an effective marketing tool on social media. Unsurprisingly, it’s a tactic scammers have adopted to pry personal information from eager compers.
We searched ‘giveaway’ on Facebook and it didn’t take us long to stumble across our first suspicious post.
This particular giveaway seems a little too good to be true.
The link takes users to the blogspot page: https://new-yingtoying.blogspot.com/, a free blogging platform of Google’s. .
Clicking both the ‘register now for free’ and ‘member login’ buttons takes the user to the same page via a series of redirects.
Not all scams will be quite this obvious.
There have been scams giving away Primark vouchers, Norwegian Air and Virgin Atlantic flights with the latter making use of punycode to deceive people.
Also be mindful of ads. Just because it is an advert and has been ‘vetted’, it doesn’t necessarily mean that it isn’t a scam.
Obviously, if you see a competition for an all expenses trip to the Caribbean, you’re going to be tempted, however, be mindful of competitions that:
We searched ‘giveaway’ on Facebook and it didn’t take us long to stumble across our first suspicious post.
This particular giveaway seems a little too good to be true.
The link takes users to the blogspot page: https://new-yingtoying.blogspot.com/, a free blogging platform of Google’s. .
Clicking both the ‘register now for free’ and ‘member login’ buttons takes the user to the same page via a series of redirects.
Not all scams will be quite this obvious.
There have been scams giving away Primark vouchers, Norwegian Air and Virgin Atlantic flights with the latter making use of punycode to deceive people.
Also be mindful of ads. Just because it is an advert and has been ‘vetted’, it doesn’t necessarily mean that it isn’t a scam.
Obviously, if you see a competition for an all expenses trip to the Caribbean, you’re going to be tempted, however, be mindful of competitions that:
- are too good to be true (like the one above)
- direct users to suspicious URLs (e.g. non-https, deceptive domains, forced redirects)
- ask for too much information or ‘engagement’ (e.g. tag 10 friends and share on all your social media accounts) from those entering
- ask for an entry fee to go into the prize draw
- are being promoted by an account with a lot of competitions with no obvious sign of any winners
Facebook Phishing Emails
We all know about phishing emails. Filtration systems have become sophisticated enough that we don’t see the bulk of them, but sometimes, they slip through.
Invariably phishing emails claim to be from support or security when pretending to be from big companies and follow similar lines of social engineering – your account has been hacked, verify your password etc etc.
This is one example of a Facebook phishing email we’ve found. By no means the most sophisticated email scam, nor the most alluring. The sender’s address isn’t the typical facebook domain for email (@facebookmail), the email itself doesn’t really make sense and there isn’t really that much to lure the potential victim in. Don’t think too many will be tricked by this particular email.
If unsure about the validity of an email from Facebook, you can always check the emails that Facebook has sent you. You can access this by heading to the settings on your Facebook profile, security and login and then scroll down to the bottom for advanced security:
Invariably phishing emails claim to be from support or security when pretending to be from big companies and follow similar lines of social engineering – your account has been hacked, verify your password etc etc.
This is one example of a Facebook phishing email we’ve found. By no means the most sophisticated email scam, nor the most alluring. The sender’s address isn’t the typical facebook domain for email (@facebookmail), the email itself doesn’t really make sense and there isn’t really that much to lure the potential victim in. Don’t think too many will be tricked by this particular email.
If unsure about the validity of an email from Facebook, you can always check the emails that Facebook has sent you. You can access this by heading to the settings on your Facebook profile, security and login and then scroll down to the bottom for advanced security:
Phishing Method To Hack Facebook Account
What is Facebook doing to protect users?
It’s an unprecedented challenge for Facebook, policing two billion users on a platform that has been designed to bring people together and uses a multitude of continually developing technologies – it’s no wonder Facebook is struggling to solve the problem.
It is trying though.
The social media giant has over 20,000 employees dedicated to security, but to have a human review each and every post, account, advert on the site would be unrealistic based on the sheer volume alone. It would also change the way people use Facebook; if you knew someone would review everything you did on the platform, you’d likely filter your behaviour.
Facebook has established integrity and authenticity policies to dissuade scammers operating on the platform, but, as with most policies of this ilk, it seems like the flimsiest of deterrents.
That’s why Facebook is turning to artificial intelligence (AI) to resolve security issues.
AI is the in vogue technology, seemingly the cure for all modern ailments, but it does make sense.
Facebook has had great success with the deployment of Microsoft’s PhotoDNA tech, originally introduced to remove child pornography from the platform and further developed to identify other undesirable content.
While able to block millions of fake accounts every day, Facebook acknowledges the need to detect scammers that evade the initial screening. Machine learning techniques are trained on previously learned scams, much in the same way MI:RIAM is used to detect mobile threats. If an account is suspected of being inauthentic, it’ll have to bypass a number of tests to gauge credibility.
It is trying though.
The social media giant has over 20,000 employees dedicated to security, but to have a human review each and every post, account, advert on the site would be unrealistic based on the sheer volume alone. It would also change the way people use Facebook; if you knew someone would review everything you did on the platform, you’d likely filter your behaviour.
Facebook has established integrity and authenticity policies to dissuade scammers operating on the platform, but, as with most policies of this ilk, it seems like the flimsiest of deterrents.
That’s why Facebook is turning to artificial intelligence (AI) to resolve security issues.
AI is the in vogue technology, seemingly the cure for all modern ailments, but it does make sense.
Facebook has had great success with the deployment of Microsoft’s PhotoDNA tech, originally introduced to remove child pornography from the platform and further developed to identify other undesirable content.
While able to block millions of fake accounts every day, Facebook acknowledges the need to detect scammers that evade the initial screening. Machine learning techniques are trained on previously learned scams, much in the same way MI:RIAM is used to detect mobile threats. If an account is suspected of being inauthentic, it’ll have to bypass a number of tests to gauge credibility.
How else can users stay safe on Facebook?
Phishing Facebook Accounts
Facebook users cannot rely on the platform to enforce proper governance and policing, they need to accept some responsibility for their own safety. There are a number of security features on Facebook that can be enabled and regularly checked to enhance personal security including privacy management, two factor authentication (2fa), login alerts and device management.
Additionally, Facebook has built reporting features into the platform to help users self-police.
Keeping tabs on the latest techniques used by scammers is also important. There are Facebook pages and groups such as Facecrooks which are dedicated to spotting and outing these scams.
Additionally, Facebook has built reporting features into the platform to help users self-police.
Keeping tabs on the latest techniques used by scammers is also important. There are Facebook pages and groups such as Facecrooks which are dedicated to spotting and outing these scams.