DEVIL'S BLOG ON SECURITY


A DEVIL'S BLOG ON COMPUTER AND INFORMATION SECURITY, ETHICAL HACKING AND COUNTERMEASURES




Save your Facebook Account-1


Are you one of those people who open a browser and usually end up on Facebook, or a Facebook fan who can't stay away from it? If the answer to either question is yes, then you surely know that your password might be under attack. Since Facebook is one of the biggest social networks, reaching millions of people around the globe and holding private profiles and information, it has become a prime target for hackers. The reasons: it reaches thousands of people, so if a fraud is conducted millions can be fooled; and the profile can be used for a social engineering attack against you or to set up false accusations. For a long time I have found sites discussing how to hack a Facebook password, but here I want to tell you how to save your account from being hacked by someone. Since there are several methods of hacking your account, we will discuss one method at a time, with as simple an explanation and as much detail as possible. The first type of attack, which we'll cover today, is the phishing attack on Facebook.

What is Phishing?
In this type of attack, an attacker creates a site that resembles a site the victim usually accesses, in order to obtain the victim's user name, password and other confidential information. An attack carried out by creating a replica of the Facebook page is therefore termed a phishing attack against Facebook.

How Is the Attack Executed?
The attacker first visits Facebook by typing “www.facebook.com”, then clicks on the File menu of his browser and saves the complete web page. Next he opens that web page in a text editor, searches for “action” and locates the following string:

action="https://login.facebook.com/login.php?login_attempt=1"

Now he replaces the action with his own to capture your password. Then he uploads this file to his own website and sends you a link to this site by e-mail. When you click on the link you are redirected to the attacker's site, and once you enter your password you are caught.

How To Detect a Phishing Attack?
Browsers do detect attack sites automatically, but only after someone has reported the site, so if the site hasn't been reported before your visit you might get caught. The following instructions will help you detect an attack site. Please note that no matter what happens and which country you sit in, the Facebook URL will always look like this,
so if you find that the URL doesn't appear like this, the site is an attack site; don't go ahead. Watch the status bar: nothing like “Redirect Service By”, “Redirected By” or “Redirected to” should appear in it. Look at the following image,

The page does appear like the Facebook page but it is not; it is a file saved on my desktop and I can edit it as per my need. One thing you might have noticed is that though the page has been saved from Facebook, it doesn't have a Facebook URL. The same happens with all sites, so if you don't find a URL which exactly matches
don't enter your username and password.
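
The address check and the form-action check described in this section, as an added example that is not part of the original post. Requiring https and accepting any facebook.com subdomain are assumptions of this sketch, and the sample pages and the login.example host are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

TRUSTED_DOMAIN = "facebook.com"  # assumption: any subdomain of this counts as genuine


def is_facebook_url(url):
    """True only for an https URL whose host is facebook.com or a subdomain of it."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()  # hostname excludes user@ and :port
    return parts.scheme == "https" and (
        host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)
    )


class FormActions(HTMLParser):
    """Collects the action attribute of every <form> in a page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")


def check_login_page(page_url, html):
    """Return the reasons this page should not be given a Facebook password."""
    problems = []
    if not is_facebook_url(page_url):
        problems.append("page address is not facebook.com: " + page_url)
    parser = FormActions()
    parser.feed(html)
    for action in parser.actions:
        target = urljoin(page_url, action)  # a relative action posts to the page's own site
        if not is_facebook_url(target):
            problems.append("form submits to a non-facebook host: " + target)
    return problems


# Constructed sample pages (not taken from a real site).
GENUINE = '<form method="post" action="https://login.facebook.com/login.php?login_attempt=1"></form>'
COPY = '<form method="post" action="login.php"></form>'

if __name__ == "__main__":
    print(check_login_page("https://www.facebook.com/", GENUINE))
    print(check_login_page("http://facebook.com.login.example/index.html", COPY))
```

A host that merely contains "facebook.com", or places it before an "@", fails the check because only the parsed hostname is compared.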

Keep Yourself Safe:
It is a quite accepted fact that you will not go to a phished site and enter your login details on your own, am I right? Of course I am right. To execute the attack, the attacker will send you an e-mail with an obfuscated link to his own site, which has the look of Facebook. Please note that Facebook has never used obfuscated links, nor will they use them in future. It's better to type facebook.com and enter your details than to click a link; it'll hardly take any time, and if there's a notification you'll find it on your home page, so why click an obfuscated link? Don't let attackers phish you, and happy social networking.
