Hacking Facebook by Facebook Scamming

What is a scam?

According to Wikipedia:
Scam is an attempt to defraud a person or group after first gaining their confidence. A confidence artist (or con artist) is an individual, operating alone or in concert with others, who exploits characteristics of the human psyche such as dishonesty, honesty, vanity, compassion, credulity, irresponsibility, naïveté, or greed.
A scam always relies on human psychology, and the aspect most commonly used by scammers on Facebook is curiosity.
I have wanted to write about this Facebook scam for a long time, ever since the "who viewed your profile" applications were booming on Facebook and most of your friends were recommending them :-). I still find this kind of attack nowadays, and in the last two days I got this picture from my Facebook home wall (sorry, there is no picture).

As the picture above shows (note the "commented on a link" text), the attacker uses the Facebook comments plugin from this URL: https://developers.facebook.com/docs/reference/plugins/comments/
Requirements:
1. HTML, CSS and JavaScript knowledge.
2. The Facebook comments plugin from the developer page.
Step by step, how the Facebook Like scam works:
1. Learn how a website link preview is created on Facebook from this tutorial about hacking Facebook using the social engineering method.
2. Once we know the logic behind a link preview on Facebook, here is the preview the attacker expects users to see when they visit the link.

The attacker creates a website that looks like YouTube, but I will not explain the website cloning part.
If you look at the picture carefully, there is another, transparent button on top of the submit button.
The transparent button in the picture is the button of the Facebook comments plugin. With a few modifications, the attacker covers all the other parts of the real Facebook comments plugin with his own interface.
3. The attacker also puts this JavaScript code on the first line of the fake page.

The purpose of that script is to block all access from a specified city and redirect requests from that city directly to youtube.com (to prevent or delay the Facebook investigation process).
4. This is the preview of the attacker's fake page.

5. When a victim visits the attacker's fake page, enters the code and clicks the submit button, here is the preview on the victim's Facebook profile page.

Everyone who is interested in that link and visits it will then spread the URL automatically.
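
The transparent plugin button from step 2 is something a page reviewer can check for mechanically. The sketch below is an added example, not code from the original post: it flags nearly invisible cross-origin iframes stacked over a visible control. The element record shape, the thresholds and the `.example` hosts are assumptions made for illustration.

```javascript
// Added defensive example. Element records are plain objects so the logic runs in Node;
// in a browser, build them from getComputedStyle() and getBoundingClientRect().
function overlapArea(a, b) {
  const w = Math.min(a.right, b.right) - Math.max(a.left, b.left);
  const h = Math.min(a.bottom, b.bottom) - Math.max(a.top, b.top);
  return w > 0 && h > 0 ? w * h : 0;
}

// Report cross-origin iframes that are nearly invisible, can still receive clicks,
// and sit on top of a visible control (the decoy the visitor thinks they are clicking).
function findHiddenOverlays(elements, pageOrigin, opts = {}) {
  const maxOpacity = opts.maxOpacity ?? 0.1; // assumed threshold for "transparent"
  const minCover = opts.minCover ?? 0.5;     // assumed share of the control covered
  const controls = elements.filter(e => ['button', 'input', 'a'].includes(e.tag));
  const findings = [];
  for (const f of elements.filter(e => e.tag === 'iframe')) {
    let origin;
    try { origin = new URL(f.src).origin; } catch { continue; } // no usable src
    if (origin === pageOrigin) continue;      // same-origin frames are out of scope
    if (f.opacity > maxOpacity) continue;     // the visitor can see this frame
    if (f.pointerEvents === 'none') continue; // it cannot capture the click
    for (const c of controls) {
      if (c.opacity <= maxOpacity) continue;  // the decoy has to be visible
      if (f.zIndex < c.zIndex) continue;      // simplification: equal z-index counts as on top
      const area = (c.rect.right - c.rect.left) * (c.rect.bottom - c.rect.top);
      const cover = area > 0 ? overlapArea(f.rect, c.rect) / area : 0;
      if (cover >= minCover) findings.push({ frame: f.id, origin, control: c.id, cover });
    }
  }
  return findings;
}

// Constructed sample page: a visible submit button, a transparent plugin frame over it,
// and an ordinary visible embed that must not be flagged.
const PAGE_ORIGIN = 'https://video-clone.example';
const SAMPLE = [
  { tag: 'button', id: 'submit', opacity: 1, zIndex: 1, pointerEvents: 'auto',
    rect: { left: 100, top: 200, right: 200, bottom: 240 } },
  { tag: 'iframe', id: 'plugin', src: 'https://social-plugin.example/comments',
    opacity: 0, zIndex: 10, pointerEvents: 'auto',
    rect: { left: 90, top: 190, right: 400, bottom: 260 } },
  { tag: 'iframe', id: 'player', src: 'https://cdn.example/embed',
    opacity: 1, zIndex: 0, pointerEvents: 'auto',
    rect: { left: 0, top: 0, right: 640, bottom: 180 } },
];

console.log(findHiddenOverlays(SAMPLE, PAGE_ORIGIN));
```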

Conclusion:

1. Look carefully at the URL when you see a link on your Facebook home timeline. If you are not sure about the link, you can open it in another browser that is not logged in to Facebook.

I am writing this article only for educational purposes, read it just for study and knowledge.

Happy Reading!
