One of the most common scenarios we observe on a daily basis is users being coaxed into phishing campaigns and malicious applications on Facebook. As we interact with our friends and family on social networks, we tend to trust any and all information that appears to come from our “trusted network.” However, Facebook is one of the social networks most heavily trolled by cyber criminals. They are waiting for you to make a mistake, and once you make it, they will hack you and exploit your friends’ trust through your newly hacked account.
In this post, we’ll take you through the steps of how a profile on Facebook becomes hacked. Obviously, we don’t want you to follow these steps, but we hope that by arming you with this knowledge, you’ll be one step ahead in thwarting evildoers on social networks.
Step 1: The hook
The hook always starts off with a friend’s hacked profile. You’ll get a message (appearing to be from them) stating that you need to click on a link for something. In most cases, it’s a “SHOCKING VIDEO” or “We caught you on tape,” and the message will usually address you by your first name.
Here is an example:
Step 2: Phishing Attempt
Now that the cyber criminals have lured you in, they’ll need your user name and password to start the next stage of the attack. The application link you clicked on will look exactly like the Facebook login page, but if you look carefully at the address bar you’ll see that you are not visiting Facebook.com, but rather a malicious copy hosted at another website address.
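The address-bar check described above can be made mechanical: only the host the browser actually connects to matters, not where the word “facebook” appears in the link. This is an added example, not code from the original post; the sample links and the assumption that facebook.com (and its subdomains) is the only genuine domain are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the genuine login page is served from facebook.com or one of its
# subdomains (e.g. www.facebook.com); any other host is treated as a look-alike.
LEGIT_DOMAIN = "facebook.com"


def is_legit_facebook_host(url: str) -> bool:
    """True only when the host the browser connects to is facebook.com or a
    subdomain of it. User info before '@', the port, the path and the query
    string are ignored, because that is where phishing links hide the name."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return False
    # .hostname drops user info and port and lower-cases the name.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)


def classify(urls):
    """Map each link to 'genuine' or 'look-alike' so a batch can be checked at once."""
    return {u: ("genuine" if is_legit_facebook_host(u) else "look-alike") for u in urls}


# Constructed sample links; the .example hosts are placeholders, not real sites.
SAMPLE_LINKS = [
    "https://www.facebook.com/login.php",               # genuine
    "https://www.facebook.com.video-player.example/",   # facebook.com is only a prefix
    "http://www.facebook.com@login.example/",           # real host is after the '@'
    "http://login.example/www.facebook.com/login.php",  # name hidden in the path
    "http://facebook-login.example/",                   # hyphenated look-alike
    "ftp://www.facebook.com/",                          # not a web login page at all
]

if __name__ == "__main__":
    for link, verdict in classify(SAMPLE_LINKS).items():
        print(f"{verdict:10s} {link}")
```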
Example:
Step 3: Gaining Full Access
Now that you’ve clicked on the link and given them your credentials, they will also ask you to grant their malicious application full access to your personal information and the right to post via your profile. This ensures that they will be able to spread the attack to all of your friends and family once they are through with you.
After you give the malicious application permission, the attack will now start targeting your friends.
In this example, we see a few of the victim’s friends falling for the trick:
So there you have it. Hook, line, and sinker.
What do you do if your Facebook profile has already been hacked?
Step 1: First things first, remove the permissions you gave the malicious application by clicking on Account > Application Settings in the top right corner of your Facebook profile. This will ensure that the application will not continue to access your profile after you change your password. The direct link is: http://www.facebook.com/editapps.php?ref=mb
Click on the X next to the application name. In this case, our application was called Video Player:
Facebook will ask you if you are sure that you want to remove permissions. Click Remove.
Step 2: Change your password!
Click on Account and then Account Settings under the top right menu of your Facebook profile. The fourth item down is where you’ll change your password. Be sure to use a unique and complex password that cannot be easily guessed. Here are some tips on how to create a secure password: http://www.microsoft.com/protect/fraud/passwords/create.aspx
We hope that you take this information and share it with all of your friends so they know what to do in the event of a similar attack on their profile.
Stay safe out there!
12 comments
I wonder if, by scanning friends’ groups, you could automatically create more targeted messages and get more people to click the malicious link… Not that that’s a good thing, but I bet we will see that kind of advanced attack soon. This is more social engineering than hacking, in my opinion.
This was very informative and helpful, and best of all, EASY to follow! Thanks Panda, for being a friend to those using the world wide web all these years, and for setting high standards in the technology industry!
Do not open a Facebook account in the first place. Problem solved, no??
good luck to y’all!!
Good post. Yes, this is a common scheme. Network security analysts involved in post breach response need to investigate these data breaches right away. Here’s a link to 3 short videos that show how to analyze network login data after the breach. They show how the analyst confirms the breach, investigates the sources of the breach and then integrates 3rd party data to identify suspects. It’s a 3 part series with each video about 5 minutes in length:
Yeah, my cousin Kayla hacked my Facebook and I want to get back on it.
I have been hacked on Facebook. But not through applications. There is direct script running from my account to the account of another user.
Very good article. I am going through some of these issues as well..