Facebook is one of the most widely used social networking site with more than 750 million users, as a reason if which it has become the number 1 target of hackers.
Phishing still is the most popular attack vector used for hacking Facebook accounts, There are variety of methods to carry out phishing attack. In a simple phishing attacks a hacker creates a fake login page which exactly looks like the real facebook page and then asks the victim to login into that page. Once the victim logins through the fake page the victims “Email Address” and “Password” is stored in to a text file, The hacker then downloads the text file and gets his hands on the victims credentials.
Keylogging, according to me is the easiest way to hack a Facebook password, Key-logging sometimes can be so dangerous that even a person with good knowledge of computers can fall for it. A keylogger is basically a small program which once is installed on victim’s computer will record every thing which victim types on his/her computer. The logs are then send back to the attacker by either FTP or directly to hackers email address.
Almost 80% percent people use stored passwords in their browser to access the facebook, This is is quite convenient but can sometimes be extremely dangerous, Stealers are softwares specially designed to capture the saved passwords stored in the victims browser. Stealers once FUD can be extremely powerfull
4. Session Hijacking
Session Hijacking can be often very dangerous if you are accessing Facebook on a http:// connection. In a Session Hijacking attack a hacker steals the victims browser cookie which is used to authenticate a user on a website and use it to access victims account, Session hijacking is widely used on Lan’s.
5. Sidejacking With Firesheep
Sidejacking attack went common in late 2010, however it’s still popular now a days. Firesheep is widely used to carry out sidejacking attacks. Firesheep only works when the attacker and victim is on the same wifi network. A sidejacking attack is basically another name for http session hijacking, but it’s more targeted towards wifi users.
6. Mobile Phone Hacking
Millions of Facebook users access Facebook through their mobile phones. In case the hacker can gain access to the victims mobile phone then he can probably gain access to his/her Facebook account. Their are lots of Mobile Spying softwares used to monitor a Cellphone. The most popular Mobile Phone Spying softwares are:
1. Mobile Spy
2. Spy Phone Gold
7. DNS Spoofing
If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack and change the original facebook page to his own fake page and hence can get access to victims facebook account.
8. USB Hacking
If an attacker has physical access to your computer, he could just insert a USB programmed with a function to automatically extract saved passwords in the browser.
9. Man In the Middle Attacks
If the victim and attacker are on the same LAN and on a switch based network, A hacker can place himself b/w the client and the server or he could also act as a default gateway and hence capturing all the traffic in between.
Botnets are not commonly used for hacking facebook accounts, because of it’s high setup costs, They are used to carry more advanced attacks, A botnet is basically a collection of compromised computer. The infection process is same as the keylogging, however a botnet gives you additional options for carrying out attacks with the compromised computer. Some of the most popular botnets include Spyeye and Zeus.