SOCIAL MEDIA HACKING

Ayush Saxena
6 min read · Apr 18, 2021

In this blog we are going to learn about the three most popular ways of hacking any social media account (like Facebook, Instagram, Twitter, etc.). In an era where privacy is becoming priceless, let’s talk about the irreparable damage caused by invasion of privacy and ways to keep our hands out of it.

NOTE: This blog is only meant for educational purposes.

So let’s get started🔥

1. KEYLOGGING

A keylogger is a nasty piece of software because it invisibly records every single keystroke a user types. Usernames, passwords, and your payment records (credit and debit card data) are all up for grabs if a hacker successfully installs a keylogger on the victim’s desktop.

TYPES OF KEYLOGGER:

i) SOFTWARE KEYLOGGERS

Software keyloggers are used to target the victim’s system remotely. The problem with this type of keylogger is getting it installed on the victim’s device. This can be extremely complex if a hacker wants to do it fully remotely, but if the hacker somehow gets access to the victim’s device, the installation step becomes much easier. There are plenty of keyloggers out there; most of them are paid software, but you can find many of them absolutely free (you just need some good googling skills😉). After successfully installing the software, make sure you configure the settings to make it invisible and to set an email address that the software will send the reports to (if you don’t know how to do this, don’t worry, just wait for the next blog😉).

ii) HARDWARE KEYLOGGERS

Hardware keyloggers basically look like a flash drive or wireless USB stick. These work really well on the system because they can be inserted like any normal pen drive, and as they say, outta sight, outta mind. The code on the USB stick will effectively log keystrokes. Some of them even look like old PS/2 keyboard and mouse jacks. You can easily find them online.

HOW TO PREVENT KEYLOGGING ATTACKS?

Keyloggers are nasty, but there are several things users can do to protect themselves online:

  1. Use firewalls. Keyloggers have to send their report of logged keystrokes to another location, and some of the more advanced software firewalls will be able to detect suspicious activity.
  2. Also, users should use a password database. These handy password vaults usually have tools that automatically generate random, secure passwords. You see, the keylogger won’t be able to see these passwords since you didn’t technically type them. Just make sure you always copy/paste the passwords when you log into an account.
  3. Stay on top of software updates. Once an exploit has been found in an operating system, the OS manufacturer will typically include patches and bug fixes in following updates to ensure that the attack can’t be performed again.
  4. Change passwords on a regular basis. Some users who are extremely security conscious will change their passwords every two weeks or so. If this sounds too tedious, you could even do it every month or every three months. It may seem unreasonably zealous, but it will render stolen passwords useless.
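Point 1 in practice: this is an added example, not part of the original blog. It scans a constructed firewall log (the log format and the list of approved mail programs are assumptions) and reports any program that opens a mail-sending connection without being a mail client, which is how an email-reporting keylogger would show up.

```python
import re
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}                        # ports used to submit email
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # assumption: approved mail apps

# Constructed sample lines in a hypothetical firewall-log format.
SAMPLE_LOG = """\
2021-04-18T10:00:03 proc=outlook.exe dst=198.51.100.10:587
2021-04-18T10:02:11 proc=winhelper.exe dst=203.0.113.25:587
2021-04-18T10:03:40 proc=chrome.exe dst=198.51.100.80:443
2021-04-18T10:32:12 proc=winhelper.exe dst=203.0.113.25:587
"""

LINE = re.compile(r"^(\S+) proc=(\S+) dst=([\d.]+):(\d+)$")

def unexpected_mail_senders(log_text):
    """Return {process: [(timestamp, dst_ip), ...]} for programs that are not
    approved mail clients but still opened a connection to an SMTP port."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        ts, proc, ip, port = m.groups()
        if int(port) in SMTP_PORTS and proc.lower() not in MAIL_CLIENTS:
            hits[proc].append((ts, ip))
    return dict(hits)

if __name__ == "__main__":
    for proc, conns in unexpected_mail_senders(SAMPLE_LOG).items():
        print(f"{proc}: {len(conns)} unexpected SMTP connection(s)")
        for ts, ip in conns:
            print(f"  {ts} -> {ip}")
```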

2. PHISHING

You’d be surprised how gullible the average Internet user is these days. Most people don’t even check the URL of the site they are visiting as long as the web page looks the way they expected. A lot of people have created links to bogus URLs that look and behave exactly like the Facebook login page. Oftentimes these fake links are embedded into social media buttons on a website.

For example, there might be a “Share on Facebook” link, but in order to share the content the user first needs to log in to their account. The phishing page simply stores the user’s credentials instead of sending them to their Facebook account. Some of the more advanced ones store a copy of the user’s input, and then supply that information to the actual Facebook login page. To the user, it looks as though they have genuinely logged into Facebook, when in fact, they first visited a phishing site.

Believe it or not, it isn’t that difficult to clone a website. All an attacker needs is a fake page and a passable URL that is extremely close to the real URL. Furthermore, attackers can mass email these links to email lists that are purchased online — and they’re dirt cheap, too. Though it is 2021 and phishing filters are becoming increasingly sophisticated, they’re not perfect.

HOW TO PREVENT PHISHING ATTACKS?

There are a few simple and basic things users can do to avoid becoming the next victim of a phishing attack:

  1. Never follow links from emails, especially those that come from sources you don’t already know. If you think you can trust the sender, always check the URL of the link before visiting the page. However, it’s better to visit the website directly.
  2. Always check links on forums, websites, chatrooms, etc. Believe it or not, even popup ads can contain bogus links to phishing sites. If it doesn’t look legitimate, don’t click on it!
  3. Always use anti-virus and security software. Many of them include phishing filters that will stop users from visiting phishing sites.

3. STEALING COOKIES

Cookies are a necessary evil for some sites, but too often users lazily store their login credentials in browser cookies without knowing any better. But an attacker doesn’t always need access to a target’s computer to steal a cookie. There are many sniffing techniques that can be performed across a LAN, such as the wireless network in a coffee shop (like the one you might remember from the very first episode of Mr. Robot). Once the cookie has been stolen, the hacker can then load the cookie into their browser, fooling Facebook into believing that the victim has already logged into their account.

For example, an attacker could utilize Firesheep, which is an add-on for Firefox that sniffs traffic on Wi-Fi networks to steal cookies and store them within the attacker’s web browser. Once the attacker has stolen the cookie, they can log in to the target’s Facebook account, provided that the target is still logged in. Then, the attacker can change the password of the profile. However, if the victim logs out of Facebook/Instagram/Twitter, the cookie will be worthless.
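A cookie can only be read off the Wi-Fi like this when the browser sends it over plain HTTP, and the site controls that through the flags it puts on the cookie. The audit below is an added example, not part of the original blog; the sample Set-Cookie values are constructed and the one-day lifetime limit is an assumption.

```python
from http.cookies import SimpleCookie

MAX_AGE_LIMIT = 24 * 3600  # assumption: flag session cookies that live over a day

def audit_set_cookie(header_value):
    """Return {cookie_name: [issues]} for one Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(header_value)
    report = {}
    for name, morsel in jar.items():
        issues = []
        if not morsel["secure"]:
            # Without Secure the browser also sends the cookie over plain HTTP,
            # where anyone sniffing the same Wi-Fi can read it.
            issues.append("missing-secure")
        if not morsel["httponly"]:
            # Without HttpOnly, scripts running in the page can read the cookie.
            issues.append("missing-httponly")
        if not morsel["samesite"]:
            # Without SameSite the cookie is attached to cross-site requests.
            issues.append("missing-samesite")
        age = str(morsel["max-age"])
        if age.isdigit() and int(age) > MAX_AGE_LIMIT:
            # A stolen copy stays useful until the session ends.
            issues.append("long-lived")
        report[name] = issues
    return report

# Constructed sample headers: a weak session cookie, a hardened one,
# and a hardened but long-lived "remember me" cookie.
SAMPLE_HEADERS = [
    "session=abc123; Path=/",
    "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "remember=1; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=2592000",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        for name, issues in audit_set_cookie(header).items():
            print(f"{name}: {', '.join(issues) or 'ok'}   <- {header}")
```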

Final Thoughts on Facebook Security and Attack Prevention

There are also some general techniques and best practices to avoid becoming the next victim of a Facebook attack. Some of them should be common sense, but too many users fail to give security a second thought.

  1. Only use trusted wireless networks. If you need an Internet connection and happen to spot an unknown SSID, it’s in your best interest to leave it alone.
  2. Within your Facebook profile, click on Account Settings, look in the Security section, enable Secure Browsing, and make sure you always use HTTPS to prevent cookie theft.
  3. Always log out after you are finished browsing Facebook to prevent a cookie attack. Too many users simply click the “X” in their tab or browser, which doesn’t log you out.
  4. Connect using a VPN connection. This will encrypt all of your data before sending it to the VPN server, so local network attackers won’t be able to see what data you’re transmitting.
  5. Less is more. Though users are frequently tempted to share their personal information with the world, you would do well to limit how much information you post online. Make sure private information such as email addresses, current location, and other similar information isn’t shared on Facebook.
  6. Only befriend people that you trust. There are too many scams circulating that try to build trust with a target and thus hack your Facebook account. The only problem is you have no idea who these strangers are, and more often than not, they’re trying to take advantage of you.

Thank you for reading!
