While scams and phishing attacks are issues of serious concern, many Facebook users find it hard to identify and avoid them. Hackers try to take over user accounts by sending phishing emails, and eventually steal personal information and other credentials such as credit card and bank details.
There are several ways in which hackers carry this out.
Scammers and hackers go through users’ accounts to gather publicly available information, then send phishing emails to obtain protected information such as credit card numbers and bank details. Sometimes they create malware programs that are automatically downloaded onto your computer and help them gain access to credentials such as email IDs, passwords and so on.
However, hacking isn’t as easy as pie; it does require a considerable amount of knowledge. Here are four common methods that hackers use to target and hack the accounts of Facebook users:
- Phishing Attacks
- Key logging Programs
- Password reset via Mobile
- Revealing saved Facebook passwords in web browsers
Phishing Attacks
Difficulty Level: Moderate
The term phishing means the fraudulent attempt to steal a person’s confidential information like username, password, bank account numbers, credit card number, and so on. It is one of the most commonly used and easiest methods to gain access to a user’s account.
When you go fishing, you obviously need to have some bait. Similarly, phishers send spoof emails pretending to be from the Facebook team. Typically the email will direct you to click on a URL, which will lead you to a fake webpage, and you will be asked to provide your private information.
The most common and popular phishing attack involves creating a fake login page. Fake login pages look exactly like the original Facebook login page. When a user attempts to log in on this page, the entered username and password are sent to the hacker, who will then have control over the account.
Here’s an attempt by a hacker who sent a fake security message -
From the above screenshot you can see that the link provided to verify your account is fake. It points to http://shortlink.tk/gh/accountconfirm, which in turn redirects to http://apps_facebook_account_help_center.cast.cc. Facebook does not create any short URLs when it comes to security-related issues. Clicking on the link will take you to a page where you will have to go through the verification process.
Please read Facebook Security Network – Phishing Attack for complete details.
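The link check described above can be automated. The following is an added example, not part of the original article: it tests whether a link's final destination really sits under facebook.com, using the two URLs quoted above as a recorded redirect chain. The allow-list, function names and warning texts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: only facebook.com and its subdomains are trusted.
TRUSTED_DOMAINS = ("facebook.com",)
BRAND = "facebook"

def hostname(url):
    """Lower-cased host of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").rstrip(".")

def is_trusted(host):
    # Match on a dot boundary so 'notfacebook.com' and
    # 'facebook.com.example.net' do not pass as Facebook.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def assess_link(url):
    """Return reasons to distrust a link; an empty list means none were found."""
    host = hostname(url)
    if not host:
        return ["no hostname in URL"]
    reasons = []
    if is_trusted(host):
        if urlsplit(url).scheme != "https":
            reasons.append("trusted host but not HTTPS")
        return reasons
    reasons.append("host %s is not under a trusted domain" % host)
    if BRAND in host:
        reasons.append("brand name appears in an unrelated host")
    if "_" in host:
        reasons.append("underscore in hostname, not valid in standard host names")
    return reasons

def assess_chain(chain):
    """Assess a recorded redirect chain (first URL = the link in the message)."""
    if not chain:
        return ["empty redirect chain"]
    reasons = assess_link(chain[-1])  # the last hop is where the user lands
    if hostname(chain[0]) != hostname(chain[-1]):
        reasons.append("link hides the final destination behind a redirect")
    return reasons

# The two URLs quoted in the article, written down as a redirect chain.
ARTICLE_CHAIN = [
    "http://shortlink.tk/gh/accountconfirm",
    "http://apps_facebook_account_help_center.cast.cc",
]

if __name__ == "__main__":
    for reason in assess_chain(ARTICLE_CHAIN):
        print("WARN:", reason)
```

The comparison is made on the host name only, so a page that copies Facebook's look perfectly is still flagged when its address is wrong.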
Key logging Programs (Keyloggers)
Difficulty Level: Easy
When it comes to Facebook or any other social network for that matter, users are forced to download malware programs such as keyloggers (sometimes they are downloaded automatically). This malware consists of programming code (scripts) designed to gather information, which leads to exploitation of data or loss of privacy. The gathered details can be accessed by the scammer/hacker and can also allow them to gain access to system resources.
A keylogger is a software program that intercepts the user’s keystrokes when they enter a username, password, credit card number or any other sensitive information that can be exploited. Once this program is downloaded and installed on the victim’s computer, it launches automatically at start-up and captures keystrokes whenever the user starts typing.
Typically a keylogger is made to function in such a way that it takes screenshots of user activity at predetermined time intervals or when a user types a character or clicks a mouse button. It also monitors online activity by recording addresses of visited web sites, entered keywords and other similar data. Most of all, it records passwords that are hidden by asterisks or black spaces.
How to remove keyloggers?
If you know exactly what the system processes and application processes are, then you can go to Task Manager by pressing Ctrl + Alt + Del, and terminate unwanted programs. However, if you’re completely clueless about what these processes are, then you can try downloading anti-spyware tools like Spyware Doctor to secure your PC against privacy threats.
A keylogger can also be a small hardware device that usually is placed between the keyboard’s plug and the computer’s keyboard port. A hardware keylogger records all keystrokes and saves them into the memory. Such a device doesn’t rely on a particular software or driver and therefore works under different environments.
Password reset via Mobile
Difficulty Level: Easy
Facebook provides an option for users to reset their account password using their registered mobile number. If hackers have access to your mobile phone, then compromising your Facebook account is dead simple. However, you (or the hacker) will not be shown the current password, but it certainly leaves an option to reset the password without any troubles.
Here’s how the process is carried out -
- Go to Facebook’s password recovery page – http://www.facebook.com/recover.php
- You are provided with three options, and in the first option you are asked to enter your mobile number that is associated with your Facebook account.
- In the next step, select the mobile number and click the “Reset Password” button. It will send a confirmation code to your mobile via SMS.
- Enter the confirmation code, and you will then be able to enter a new password.
By now, you would have probably realized how unsafe this method is, and I hope you consider removing your phone number from Facebook.
Revealing saved Facebook passwords
Difficulty Level: Easy
This is the most common method, and I’m sure every user knows it. When you access Facebook (or any other account that requires a login) on a public computer (like one in a cyber center), make sure that you don’t save the password or select the Remember Me option. Doing so puts your account at risk, and it can be hacked by anyone.
How to prevent your Facebook account from being hacked?
There is one simple rule – Do not click on any links on Facebook. However, follow these tips in order to prevent your account from being hacked -
- Avoid clicking on short URLs. If you really want to see where the URL leads to, then try using http://longurl.org/ to expand the URL.
- Avoid strange messages sent to you by your friends. If you feel that the message is inappropriate, then you always have an option to ask your friends and verify it.
- If you receive messages sent by a user who is not on your friends list, then check for any links and read tip 1.
- Minimize the use of applications on Facebook. They’re quite useless.
- If you are asked to grant permissions after clicking on a link, then make sure that you are granting permission to the right application. You can always revoke permissions by going to Account > Account Settings > Applications.
- Download antispyware tools like Spyware Doctor to secure your PC against privacy threats.
- Bookmark Techie Buzz Facebook Scams. We always keep you updated with the latest scams spreading on Facebook.
I recommend you to go through the official document released by Facebook, which will definitely help you tackle scam messages. The document is available for free and you can download a copy of it from the Facebook Security Page.
We have also compiled a list of Most Actively Spreading Scams on Facebook that you might want to have a look at. In addition to that, don’t forget to check out our article about Avoiding Facebook Likejacking and Clickjacking scams. Don’t forget to share this post with your friends and alert them about the scam.