How to Steal a Facebook Password

Although it seems younger people are leaving Facebook in their droves for hipper social media platforms, it remains one of the largest and most important social media providers.

This fact also makes it a prime target for hackers who can put access to your Facebook account to all sorts of profitable uses. As you might expect, this means there’s a long list of hacks collected by the community that can provide you access to another person’s Facebook account.

Now, before you get excited you should understand that we aren’t providing this information as a way to tell you that you should hack people’s accounts. In fact, you should not hack into people’s personal information for many reasons, not least of which is possible jail time. No, the point of this article is to demonstrate how weak Facebook’s security can be in some instances. By the time you read this many of these holes will already have been plugged by Facebook. Which is exactly what they should be doing, after all.

Besides, none of this information is secret. Anyone with a few hours to kill on Google can learn at least one potentially effective way to compromise Facebook security.

Method 1: Password Reset Hacking

Just like any other online service, Facebook provides a way for you to reset your password. Most people do this when they simply forget their passwords, but it is ironically also a feature that’s meant to help you regain control of your account if it should be hacked and the password is changed. This method requires the email address of the target.

Basically, you do the following:

  • Go to the Facebook login page
  • Click on “forgot your password”
  • Enter the target email
  • Click on “No longer have access to these?”
  • Enter an email address that belongs to you and is not associated with any Facebook account
  • Enter answers to the security questions with third-party information gathered through Google or other methods.

As you can see, this method relies on either knowing additional information about your target or the target having weak security answers. Funnily enough, it’s often possible to get the needed information to answer security questions from the public portions of a person’s Facebook page.

How Can I Stop it From Happening?

This exploit is pretty easy to prevent. One of the most effective ways to stop email reset hacking is to use a unique email address for Facebook. Open a Ymail, Gmail or other mail account for the sole purpose of using it for Facebook. That way, if someone knows your main email account address, it’s of no use when it comes to hacking.

The second defense is making sure you have really tough security questions. In fact, it is in your best interest not to tell the truth when it comes to your security questions. Make things up and then don’t forget what your made-up answers are. It’s not a great idea to have what is effectively a password someone can look up using public information.

Method 2: Use Keylogger Malware

A keylogger is a small piece of software or a specialized USB device that records everything typed on the keyboard during a specified time. With a software keylogger, the log is then sent back to the hacker by the keylogger itself. A hardware keylogger must be retrieved, so it can only be used on someone you have physical access to, like a coworker.

You can either buy a keylogger from various places on the net or write your own if you’ve got the talent. Infecting a user’s computer can be done in a few ways. Leave a flash drive lying around where they are likely to find and plug it in out of curiosity. Tricking people into opening infected attachments is another way if their antivirus doesn’t catch it.

Once you receive the logs you need to search the text for the person’s email address, the Facebook URL or any other text inputs that might come just before a password is entered.

How Can I Stop it From Happening?

Software keyloggers need to call back home to send their logs to the hacker who planted them. Obviously, you should schedule regular scans of your computer for malware, spyware, and viruses.

Two-factor authentication is also effective since the keylogger can’t read your phone messages. Finally, make sure only software you approve is white-listed on your computer firewall so that the keylogger can’t communicate with the hacker.
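
One way to audit the allow-list idea above, as an added example (not code from this article): it reads a constructed connection log in a hypothetical CSV format and lists every program that made outbound connections without being on an assumed approved list. `APPROVED`, `SAMPLE_LOG` and `unapproved_senders` are names made up for illustration.

```python
import csv
import io
from collections import defaultdict

# Assumption: full paths of the programs this user has approved for outbound traffic.
APPROVED = {
    r"c:\program files\mozilla firefox\firefox.exe",
    r"c:\windows\system32\svchost.exe",
}

# Constructed sample in a hypothetical CSV export format, not a real firewall's log.
# The IP addresses come from ranges reserved for documentation.
SAMPLE_LOG = r"""
time,program,remote_ip,remote_port
2024-05-01T10:02:11,C:\Program Files\Mozilla Firefox\firefox.exe,203.0.113.10,443
2024-05-01T10:02:40,C:\Windows\System32\svchost.exe,198.51.100.7,443
2024-05-01T10:05:00,C:\Users\alice\AppData\Local\Temp\firefox.exe,192.0.2.55,8080
2024-05-01T10:15:00,C:\Users\alice\AppData\Roaming\kbdhelper.exe,192.0.2.55,8080
2024-05-01T10:25:00,C:\Users\alice\AppData\Roaming\kbdhelper.exe,192.0.2.55,25
2024-05-01T10:35:00,C:\Users\alice\AppData\Local\Temp\firefox.exe,192.0.2.55,8080
"""

def unapproved_senders(log_text, approved=APPROVED):
    """Map each unapproved program path to the sorted endpoints it contacted."""
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text.strip())):
        program = row["program"].strip().lower()
        # Compare the full path: a binary that shares its file name with an
        # approved program but runs from another folder gets no approval.
        if program not in approved:
            seen[program].add("%s:%s" % (row["remote_ip"], row["remote_port"]))
    return {prog: sorted(dests) for prog, dests in seen.items()}

if __name__ == "__main__":
    for prog, dests in unapproved_senders(SAMPLE_LOG).items():
        print(prog, "->", ", ".join(dests))
```

Anything this reports is a program talking to the network that you never approved, which is exactly what the firewall rule is supposed to stop.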

Method 3: Phishing for Passwords

Phishing is a method of getting the user to actually provide the password to you directly.

The basic process of phishing works like this:

  • Create a website that looks like the login page of Facebook. The site should not be traceable back to you.
  • Create an anonymous email account and then send a spoofed email posing as Facebook. Inform the target something has gone wrong and that they need to log in by clicking on the link in the email.
  • If the target falls for it, they click on the link, fill in their credentials and submit them straight to you.

Phishing is a pretty common attack method and is effective mainly because it gets spammed to thousands of addresses, some of whom fall for the scam. If you actually know the target you can make the message more compelling by including information such as their name and actual recent activity from their account.

How Can I Stop it From Happening?

Because phishing is so common we’ve actually put together a comprehensive guide to phishing protection, but it basically boils down to this: never click on links you find in unsolicited emails. If you can manage that, you’ll be fine.
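
For anyone who filters mail for other people, here is an added example (not code from this article) of checking where the links in an email really point, instead of trusting what the link text says. It assumes that only `facebook.com` and its subdomains count as genuine; the sample email and its `.example` hosts are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only domain accepted as a genuine Facebook link. Extend as needed.
TRUSTED_DOMAINS = ("facebook.com",)

def host_is_trusted(host):
    """True only if host is a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> element in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def suspicious_links(html_body):
    """Return (href, reason) for each link that does not lead to a trusted host."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href in collector.hrefs:
        try:
            parts = urlsplit(href)
            host = parts.hostname
        except ValueError:
            findings.append((href, "unparseable URL"))
            continue
        if parts.scheme != "https":
            findings.append((href, "not an https link"))
        elif not host_is_trusted(host):
            # Only the real hostname is compared, never the visible link text,
            # so look-alike prefixes and user@host URLs are both caught.
            findings.append((href, "real host is %s" % host))
    return findings

# Constructed sample email body; the .example hosts are placeholders.
SAMPLE_EMAIL = """
<p>Your account has a problem. Please log in:</p>
<a href="https://facebook.com.account-check.example/login">https://www.facebook.com/login</a>
<a href="https://www.facebook.com@login.example/reset">Reset password</a>
<a href="https://www.facebook.com/settings">Settings</a>
"""
```

Calling `suspicious_links(SAMPLE_EMAIL)` flags the first two links and leaves the genuine settings link alone.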

Staying Scam Free

Some of these methods work for plenty of other services too. Online scams are everywhere and you have to keep your head on a swivel if you want to stay safe. Of course, as always the best place to start with online security is a reliable VPN service. Our favorite as the best all-round VPN right now is ExpressVPN. Be sure to give it a try!