Showing posts with label Facebook. Show all posts
Scammers and phishers on Facebook
Addition to the run-of-the-mill scams you find
all over the Internet, there are several scams that target social
networking sites and Facebook users. These include Gaming App scams,
Vanity scams, Facebook account thieves, Malicious script scams, and
Clickjackers.
Avoiding gaming scams
About
gaming App scams. I don’t mean you’ll be scammed by the App companies.
They’re actually as much of a victim as the Facebook users who fall for
the scams. If you’re an online gamer you already know you have to be
careful not to fall for gaming scams. You already see offers for
“cheats” and “hacks.” A lot of these things that promise to turn you
into a great gamer are really designed to steal your personal
information. But there are allways a good hacks and cheats. Per
excample, something like ''100% REAL WORKING MAFIA WARSE HACK'' is a
100% fake! Download this stuf only from sites you believe. In contrast
of games like Call of Duty, Battlefield series and many other a real
hacks or cheats can be foundable.
Many phishing scams pretend to come from
popular gaming sites. The danger isn’t using known third-party apps like
Frontierville, it’s falling for phishers pretending to offer you game
points or clues. The common scams offer prizes like free virtual
objects. Other lures claim that your account has been suspended and
provide a link for you to remedy the problem. Some of these scams will
arrive on your Wall, but a lot will go directly to your email. Why?
Numbers. Farmville has over 16 million players. Any spammer targeting a
large email list with a phishing lure is bound to net a good number of
Farmville players simply because there are so many Farmville players.
You may also see Wall postings like the
previous one. Click on the link and you’ll be directed to a fake
Facebook login page. If you log into the fake page, you’re giving your
Facebook password directly to the scammer. How can you tell this is a
phishing scam? Facebook will never direct you to the homescreen once you
are logged in. This scammer also used a link shortening service for the
this attack. While link shortening services are very helpful because
they simplify very long URLs, the downside is that you may not know
where they point to until you click. Use extra caution when clicking on
these short links.
So how do the phishers trick you? In this
radius of hacking I am not very good, i know only the base but I can
tell to you some things. Phishers try to catch you off guard and hit you
with the fake Facebook login while you’re actually using Facebook. The
scammer might post a status update on your Wall that includes a link to
something enticing. They might do this using an account they’ve stolen
from one of your Friends so they gain your trust. The message will be
something that will grab your attention. It might be scandalous photos, a
sneak preview of a hot upcoming film, or a weird video. When you click
on the link, you’re asked to log into Facebook again. Except that you’re
not on Facebook anymore. The link actually takes you to a different
website, so when you re-enter your Facebook login credentials, you’re
handing them over to a phisher. Unlike the insanely horrible email scams
written in poor English by scammers, most of the fake Facebook login
screens are pretty believable.
This fake log-in screen above is
recognizable ( for ex. www.Facebok.com). That’s a wellthought scam since
most people automatically insert missing vowels while reading without
even realizing it.
How do you avoid subtle
scams like this one? Remember that Facebook will never contact you by
sending you a Facebook message or posting a status message on your Wall.
And, always look carefully at both the link in the address bar and
links you click. If it looks suspicious don't click it. If Facebook does
contact you, it will be via the regular email account that you provided
when you opened your Facebook account. Always look at the link and
don't click on it if it looks suspicious. Also, remember that Facebook
only needs you to log in once each session. If you’re asked to log in
again, it’s not Facebook.
Excample of Facebook fake log in, picture is not good but you can see:
Excample of Facebook fake log in, picture is not good but you can see:
Avoiding malicious script scam
Malicious
script scam is one of the sneakier attacks being used on Facebook
users. A common con using this attack method claims to allow you to see
who’s been looking at your profile. This enticing scam tries to trick
you into pasting text into your browser address bar.
The “unique code” shown above is the
malicious script. While you’re being patient as instructed, the script
is setting up your profile to spam all of your Friends.
In
response to detecting these kind of attacks, Facebook added checks to
help detect scripts being pasted into the address bar. So if you do
paste a script, Facebook will ask you to confirm that you really want to
paste that script, and even tell you why it’s a bad idea. Pay attention
to these warnings. Don’t paste a script into your browser address bar
unless you know exactly what it does and how. How do you avoid malicious
script scam? Don’t paste a script into your browser address bar unless
you know exactly what it does and how. Also give your Friends a heads up
if you start seeing spam from them. Your Friends may be completely
clueless that their Facebook accounts have been hacked. Let them know
to change their passwords and how to recover a hacked account if needed.
(Read on to learn how to recover a hacked account.)
Avoiding clickjacking
Clickjacking
is a technique used by attackers to trick users into clicking on links
or buttons that are hidden from view. Clickjacking is possible because
of a security weakness in web browsers that allows web pages to be
layered and hidden from view. You think you are clicking on a standard
button, like the PLAY button on an enticing video, but you are really
clicking on a hidden link. Since you can’t see the clickjacker’s hidden
link, you have no idea what you’re really doing. You could be
downloading malware or making all your Facebook information public
without realizing it. One form of clickjacking is to hide a LIKE button
underneath a dummy button. That’s called Likejacking. A scammer might
trick you into saying that you like a product you’ve never heard of in
an underhanded bid to create viral marketing buzz. At first glance,
likejacking sounds more annoying than harmful, but that’s not always
true. If you’re scammed into liking Justin Bieber, the world isn’t
likely to end. But you may be helping to spread spam or possibly sending
Friends somewhere that contains malware. How can you avoid being
jacked? Technologically, you can minimize your risk by staying current
on browser updates. The browser companies are continually adding updates
to shut down vulnerabilities that allow clickjackers and other scammers
to operate. If you’re using Firefox, also consider installing the
NoScript add-on. Beyond that, pay attention to what you’re getting and
from whom. Would a college professor really share a post about watching
hidden camera videos? If a post from one of your Friends seems
suspicious, don’t click on it!
A suspicious
post could be a sign that your Friend’s Facebook account has been
hijacked or that your Friend has been clickjacked to like or share
something without knowing it. If you know your Friends, you’ll know
what those Friends really would like or share. That’s why one of your
best protections against scams is not confirming Friend requests from
people you don’t actually know.
Important!
One thing tahts annoying me is post like '' share this page 77 times and
you will be able to download scary movie 5'' or ''send 25 frinds this
page on chat and you will get 1000 coins in Mafia wars''. That isn't
dengerous but is annoying. When you shere some page xxx times, what will
happen? NOTHING!!! Its a trick for stupid people thats fall for those.
Protect your account
Always
Use a good password and keep that on your mind. Not only for facebook
but for all internet sing ups. Creating a good password is fairly
simple. You want it to be complex enough that it can’t be guessed, yet
meaningful enough that you can actually remember it.
What is a good password?
First of all:
Don’t use it for ALL your accounts! Don’t share it with friends! Change it regularly! Consider storing it in a password tool!
A
good password has at least eight characters, one or more numbers, at
least one special character and at least one upcase letter. Use
non-words but associate them with a word. Or go for something humorous
you can remember. Per excample the best paswor would be something like
'' ibNz#$jkF478LM_) '' but it is hard to remember. You must think for
yourself and think out something. And always be sure to add a security
question and your mobile phone number in the account settings of your
Facebook account.
Log out
Avoid the scams
Identifying scams is trickier since messages appear to be coming from people you know and trust. So how do you spot a scam on Facebook? Let’s begin with a bit of context.
Online scams are moving targets. In the beginning, the obvious scams were email attachments from people you didn’t know.
Then it was “Security alerts” from banks or credit cards. In this days
it can also be a status update from a Friend asking you to watch a new
video or visit an “awesome” website.
Conventional Scammers
Scammers hit Facebook for the same reason they target the rest of the Internet. They want access to your information, or your
computer, or the money in your pocket. And sometimes they want to trick
you into downloading malicious software to your computer. (rat or
keylogger). The trick is to recognize the phishers, account thieves, and
malware pushers.
Phishers steal personal information, often the data needed for identity. Phisher is an attempt to trick users into revealing personal information or financial data. You’ve already seen phishing scams in your email. On Facebook, phishers can try to scam you from multiple places—in status postings on your profile, in Facebook messages, and in Facebook chat. They can even send you regular email pretending to be Facebook or a popular App(Texas hold'em per ex.).
Account thieves try to trick you into logging into a fake Facebook screen in order to steal your Facebook login and password. This is why you should always check the address in your browser bar to make sure you are on Facebook and not some other unrelated site. ( per ex. www.facebook.facebook.com, www.facebook.007.com or some better www.Facbook.com , www.Facebok.com etc.)
They might want
to sell your information, or to scam your Friends. People are far more
likely to fall for a scam when it comes from someone they trust, like a
Friend.
Malware pushers want to install destructive software on your computer. That malicious software, or malware , is designed to harm your computer or steal personal information. That malware might do a number of nasty things. It could install spyware to log your keystrokes and collect financial account numbers and passwords. Or even lock up your computer unless you pay a ransom. How do malware pushers target Facebook users? You’ll be presented with an offer to download and install new software on your computer. It might be a new game, a digital photo organizer, a digital music player, or any other useful piece of software. Before you download any “free” software, always ask yourself who made it and why it might be free. If it feels a bit dicey, don’t download it and always be sure to update your antivirus!
Facebook Hack method 2. :Social engineering
Now im going to talk about the concept of
applying social engineering. I hear most people online say social
engineering is easy, although to a certain degree i do agree, it seems
most people forget the whole concept, at what makes someone, not only
effective at what their doing, but social engineer their slave to a
degree where the person would never know nor suspect that it was you.
I myself have had a few people in the past ask me questions on social engineering. I always say to anyone, you need to imagine social engineering as a game. But before i talk about the 'Game', I want to go into detail about Basic knowledge and self preparation.
Basic knowledge and self preparation:
It's important like most things in life to be fully equiped and prepared to take on a task. I myself would suggest you have clear outlines of what your trying to achieve, be it to get someone's email password, explioting them for money, to get into a online game group/clan ect ect. In thi case the email and password of Facebook accaunt.
First of all, you need to take into consideration of what you will need, for this social engineering tutorial im going to outline this from an obtaining someone's email password perspective. Before i continue, i would like to stress some important factors you might want to take into consideration:
1) People are more open to you if they percieve you as an idiot.
2) People are less suspicious of you when you make them laugh.
3) People are more trusting if you actually take an interest in them.
I'm going to break these three points down to give you a better understanding of why this is:
In the case of 1)
nearly everyone seems to be more careless when they percieve you as an idiot, the main reason for that is, you don't consider someone who appears to be an idiot as a threat. Another reason is that people tend to become more open and arrogant when they feel they are on a higher pedistel than you (never forget that!). Now there are things you need to remember however, although these things are true if you overplay your idiot persona it will not be good in your fotune. Always remember real morons are annoying as hell, you DO NOT want to put off the person your trying to social engineer(unless your trying to fail, then knock yourself out).
In the case of 2)
when talking to someone it's easy to see why this rule is advised. Often it's a good ice breaker, also reenforcing the idea that "your a nice guy", it slowly allows the person to build a relationship of 'trust' with you.
in the case of 3)
I myself have had a few people in the past ask me questions on social engineering. I always say to anyone, you need to imagine social engineering as a game. But before i talk about the 'Game', I want to go into detail about Basic knowledge and self preparation.
Basic knowledge and self preparation:
It's important like most things in life to be fully equiped and prepared to take on a task. I myself would suggest you have clear outlines of what your trying to achieve, be it to get someone's email password, explioting them for money, to get into a online game group/clan ect ect. In thi case the email and password of Facebook accaunt.
First of all, you need to take into consideration of what you will need, for this social engineering tutorial im going to outline this from an obtaining someone's email password perspective. Before i continue, i would like to stress some important factors you might want to take into consideration:
1) People are more open to you if they percieve you as an idiot.
2) People are less suspicious of you when you make them laugh.
3) People are more trusting if you actually take an interest in them.
I'm going to break these three points down to give you a better understanding of why this is:
In the case of 1)
nearly everyone seems to be more careless when they percieve you as an idiot, the main reason for that is, you don't consider someone who appears to be an idiot as a threat. Another reason is that people tend to become more open and arrogant when they feel they are on a higher pedistel than you (never forget that!). Now there are things you need to remember however, although these things are true if you overplay your idiot persona it will not be good in your fotune. Always remember real morons are annoying as hell, you DO NOT want to put off the person your trying to social engineer(unless your trying to fail, then knock yourself out).
In the case of 2)
when talking to someone it's easy to see why this rule is advised. Often it's a good ice breaker, also reenforcing the idea that "your a nice guy", it slowly allows the person to build a relationship of 'trust' with you.
in the case of 3)
also an obvious
advisement, if you just pester someone for information without atleast
pretending to take an interest in what they are saying, not only will
you come across as rude, it will make the person wonder why your probing
them for person info.
With these three points made, i will now continue with my example of obtaining someone's Facebook Email and password. Before you go into detail, it's important to outline what you need to successfully social engineer the password out of someone. Now you could try to Social engineer them for their password, I advise you be a bit more intelligent and indirectly social engineer them for their password by obtaining their password recovery knowledge. Now it's important to what you need to successfully hack their account through recovery questions. You will need the following:
Their email adsress
Their accaunt password
With this in mind it's imperative you plan how you will obtain these details. I will tell you how i do it. But first i need you to understand, this whole trasnaction will not be completed over a course of a day, it can take days to weeks depending on the person. I suggest you talk to them and read them first. If their open, then you can do it within days, if their not then it would be better you spread this out over a week or two. I also want you to imagine what you will say, try to predict their answers and MOST OF ALL, think of a scapegoat on why your probing them for these answers, just incase your less than suttle and arouse suspicion, if they ever suspect you it will go from a flame to a fire it's important to stamp all of their doubt in you as soon as possible.
Now there are many ways you can obtain their password and addresse. Some people and post their address on their profiles. In which case this is easy pickins, however that is rare. So you need to devise a way of obtaining that info. Now you can pretend that you are from bank or somethin like this and ask for their email adress. Or you can pretend that you are some student an doing some research. Be creative
Now i need the answer to their security question, now you need to find out what the question is, i suggest pretend to recover password to see what it is or get the info for all of the recovery questions email asks. Im going to go with the first option and say for example their recovery question was : What is your dogs name?.
How I would go about obtaining this would be to pretend to have a pet of my own, i would start off the convo like so:
me: Ffs my dog wont stop barking, seriously where did i leave my ducktape lol!
victim: lol yeah i know sometimes my dog's the same, annoying -.-
me: Oh you have a dog? i didn't realise whats your dogs name, if you don't mind me asking.
It is important to add "if you don't mind me asking", because it gives the person a bit of power over you and also show's a little respect (once again reinforcing the notion your a nice fellow).
POINT: I wouldn't dive straight into "whats your dogs name" start with the breed first and remember try to predict what they will inturn ask (mines blah blah whats yours?).
With that in mind, I'm sure by now you can see how easy it is, to social engineer someone's password through the indirect method of password recovery. Now obviously most recovery questions wont be about pets mostly they're "mothers madien name" "place of birth" ect. But use the same logic and work around it, remember think every detail through and ask yourself this if someone gave you this story or asked you in a certian way would it seem legit to you?
and when you have the email adress, click on facebook, I forgot password and will be sent on your email.
The Game:
The game is basically, perfecting "self preparation". Social engineering is a game,. If you think about it in this way: each time trust is given to you, you advance a level, which each level you advance, your ability of obtaining infomation from this person becomes easier. In a sense mastering the ability to come up with more ingenius ways of manipulating someone, without arousing suspicion, is what seperates the lucky noobs from the elites.
When thinking about this as a game, you need to reflect on your goals. As I've mentioned before try to imagine the dialogue between you both, think about how you will obtain certain things and more importantly have clear directives. With this in mind i think we can now talk about how you might want to consider presenting yourself (only applies if the person is indeed a stranger).
So if you were going to go after a complete stranger, you should first try and get as much research on them as you can. For example, age, name. This is important for making up for fake identity. I would also suggest if you social engineer more than one person you write down, in detail! your differn't alias so you don't get confused. Nothing would be worse than using the wrong alias on the wrong person.
When building your identity decide on what would give you the biggest advantage with this person. This can be from faking your age to match the interests of this person, thus giving you the advange of being able to "click" with the person. Pretending to be a student or in a deadend job for sympathy manipulation or in the case of a deadend job, pretending to relate to the slave. There are many things you can do, as I've mentioned it depends on the circumstances you need.
With these three points made, i will now continue with my example of obtaining someone's Facebook Email and password. Before you go into detail, it's important to outline what you need to successfully social engineer the password out of someone. Now you could try to Social engineer them for their password, I advise you be a bit more intelligent and indirectly social engineer them for their password by obtaining their password recovery knowledge. Now it's important to what you need to successfully hack their account through recovery questions. You will need the following:
Their email adsress
Their accaunt password
With this in mind it's imperative you plan how you will obtain these details. I will tell you how i do it. But first i need you to understand, this whole trasnaction will not be completed over a course of a day, it can take days to weeks depending on the person. I suggest you talk to them and read them first. If their open, then you can do it within days, if their not then it would be better you spread this out over a week or two. I also want you to imagine what you will say, try to predict their answers and MOST OF ALL, think of a scapegoat on why your probing them for these answers, just incase your less than suttle and arouse suspicion, if they ever suspect you it will go from a flame to a fire it's important to stamp all of their doubt in you as soon as possible.
Now there are many ways you can obtain their password and addresse. Some people and post their address on their profiles. In which case this is easy pickins, however that is rare. So you need to devise a way of obtaining that info. Now you can pretend that you are from bank or somethin like this and ask for their email adress. Or you can pretend that you are some student an doing some research. Be creative
Now i need the answer to their security question, now you need to find out what the question is, i suggest pretend to recover password to see what it is or get the info for all of the recovery questions email asks. Im going to go with the first option and say for example their recovery question was : What is your dogs name?.
How I would go about obtaining this would be to pretend to have a pet of my own, i would start off the convo like so:
me: Ffs my dog wont stop barking, seriously where did i leave my ducktape lol!
victim: lol yeah i know sometimes my dog's the same, annoying -.-
me: Oh you have a dog? i didn't realise whats your dogs name, if you don't mind me asking.
It is important to add "if you don't mind me asking", because it gives the person a bit of power over you and also show's a little respect (once again reinforcing the notion your a nice fellow).
POINT: I wouldn't dive straight into "whats your dogs name" start with the breed first and remember try to predict what they will inturn ask (mines blah blah whats yours?).
With that in mind, I'm sure by now you can see how easy it is, to social engineer someone's password through the indirect method of password recovery. Now obviously most recovery questions wont be about pets mostly they're "mothers madien name" "place of birth" ect. But use the same logic and work around it, remember think every detail through and ask yourself this if someone gave you this story or asked you in a certian way would it seem legit to you?
and when you have the email adress, click on facebook, I forgot password and will be sent on your email.
The Game:
The game is basically, perfecting "self preparation". Social engineering is a game,. If you think about it in this way: each time trust is given to you, you advance a level, which each level you advance, your ability of obtaining infomation from this person becomes easier. In a sense mastering the ability to come up with more ingenius ways of manipulating someone, without arousing suspicion, is what seperates the lucky noobs from the elites.
When thinking about this as a game, you need to reflect on your goals. As I've mentioned before try to imagine the dialogue between you both, think about how you will obtain certain things and more importantly have clear directives. With this in mind i think we can now talk about how you might want to consider presenting yourself (only applies if the person is indeed a stranger).
So if you were going to go after a complete stranger, you should first try and get as much research on them as you can. For example, age, name. This is important for making up for fake identity. I would also suggest if you social engineer more than one person you write down, in detail! your differn't alias so you don't get confused. Nothing would be worse than using the wrong alias on the wrong person.
When building your identity decide on what would give you the biggest advantage with this person. This can be from faking your age to match the interests of this person, thus giving you the advange of being able to "click" with the person. Pretending to be a student or in a deadend job for sympathy manipulation or in the case of a deadend job, pretending to relate to the slave. There are many things you can do, as I've mentioned it depends on the circumstances you need.
Here are Some ebooks about social engineering which are very detailed (about 300 pages):
Bypassing facebook security
Here is a new tutorial for everyone who has been
dealing with Facebook blocking your entrance into someone's account
because of logging in from a different location. Since I have problems
with logging in some other location and have to deal with Facebook
leaving me out off people's accounts I decided to write a little more
about Facebook security. In the last tutorial I wrote sommething but
here is a little more. I will go over specific techniques and ideas to
eventually grant you entrance to their accounts without having to deal
with that Facebook problem having logging in from different location.
Before you even begin reading this, you
must already have their passwords or e-mails. If not, you have some
tutorials about that in this site.You will need to use your brain to
thingk or you will fail in this.
Ok, let's move on to some information.
This method is a cheap shot method, but you never know if it might work or not.
If a person uses a particular computer to log in to their accounts on a regular basis, THAT computer alone should be your focus. You should infect that computer with a keylogger and have it linked together with a FTP to send you the logs or linked to send you e-mails. Another method is to use your OWN computer to acquire the password by infecting yourself with a keylogger and let the slave use your computer. Gain their trust to the point of where they can log in to different websites.You can say for instance "My account is not working, I think Facebook banned me. Can you test your account to see if yours is working?" And of course, they will log in and you will gain the information. After they successfully log in, you can login to your account and say "Oh, there we go! It worked" . Now, you will attempt to log in in the future and the problem of Logging in from another location will dissapear. But let's say that they are not stupid enough to use your computer to log in. you might think, what then? Well, here is some tips. Considering that you will already have the password, but you will have the problem of Logging in from another location.
Watch and study your victim, if you know what location he/she uses tp log in, you should attempt to log in at that same location as well. It could be school, library, another friend's house, etc. Most people will use any computer to log in to Social Networks or E-mails to check on updates. Considering that the IP you log in at that particular is the same within their network, the problem of Logging in from another location is solved. So, if you don't have the choice of offering your computer as trap or the chance to "stalk" your slave. You wonder, what do you do then? Well, this is where it gets more complicated, considering that Facebook finally came up with an ingenious method to avoid intruders of taking over accounts easily.
Here's what Facebook did, in case if you don't already know. Facebook implemented that you must visually recognize the friends on that account. They will show you pictures of random people within that account and ask you to select the name of that person.
If you don't recognize any of those people, you're screwed.When will this happen or not? That will only happen when you attempt to change their passwords, so Facebook makes sure that you own that account. I personally wouldn't attempt to change the passwords, but if you try, here is what I would recommend to you. If you know the person notice who he/she is friends with to try to recognize the faces and physically ask the other persons their names. If you do not know the person, you can use some websites:
http://com.lullar.com/
Ok, let's move on to some information.
This method is a cheap shot method, but you never know if it might work or not.
If a person uses a particular computer to log in to their accounts on a regular basis, THAT computer alone should be your focus. You should infect that computer with a keylogger and have it linked together with a FTP to send you the logs or linked to send you e-mails. Another method is to use your OWN computer to acquire the password by infecting yourself with a keylogger and let the slave use your computer. Gain their trust to the point of where they can log in to different websites.You can say for instance "My account is not working, I think Facebook banned me. Can you test your account to see if yours is working?" And of course, they will log in and you will gain the information. After they successfully log in, you can login to your account and say "Oh, there we go! It worked" . Now, you will attempt to log in in the future and the problem of Logging in from another location will dissapear. But let's say that they are not stupid enough to use your computer to log in. you might think, what then? Well, here is some tips. Considering that you will already have the password, but you will have the problem of Logging in from another location.
Watch and study your victim, if you know what location he/she uses tp log in, you should attempt to log in at that same location as well. It could be school, library, another friend's house, etc. Most people will use any computer to log in to Social Networks or E-mails to check on updates. Considering that the IP you log in at that particular is the same within their network, the problem of Logging in from another location is solved. So, if you don't have the choice of offering your computer as trap or the chance to "stalk" your slave. You wonder, what do you do then? Well, this is where it gets more complicated, considering that Facebook finally came up with an ingenious method to avoid intruders of taking over accounts easily.
Here's what Facebook did, in case if you don't already know. Facebook implemented that you must visually recognize the friends on that account. They will show you pictures of random people within that account and ask you to select the name of that person.
If you don't recognize any of those people, you're screwed.When will this happen or not? That will only happen when you attempt to change their passwords, so Facebook makes sure that you own that account. I personally wouldn't attempt to change the passwords, but if you try, here is what I would recommend to you. If you know the person notice who he/she is friends with to try to recognize the faces and physically ask the other persons their names. If you do not know the person, you can use some websites:
http://com.lullar.com/
http://www.pipl.com/email/
To search their names, e-mails, phone numbers to see whether if you can find them on other Social networks. You can search the person's name manually by going to Myspace, Facebook, etc. To see who they have added as friends. Your next step is to add a friend of the victim or the victim directly. Adding the victim directly will probably be the best, because you would have access directly to all the victims friends and their pictures. Now, all you have to do is match the pictures that Facebook asks you when you attempt to change their passwords by going to the victims friends and match them. If you don't want to change their passwords, you can mask the victim IP. To find out their IP, you will need a RAT to manually whois them or any other method other there to find their IP. But about RATS we will talk next time. Search on my blog tutorials about RATs. A quick method I will suggest to you is to send the slave an e-mail if they have a hotmail account. When they reply you can right click on the e-mail and view source. You will see an IP from sender and use that to mask. Mask their IP and facebook will not give you the problem of Logging in from another location. If you follow the instructions I gave you, you will surely gain entrance to their accounts and Facebook won't be ble to do crap.
Facebook hack: keylogger detailed
Hello
people: In this tutorial I will explain you what is a keylogger in a
very detailed way. So lets begin.Keyloggers can be classified into two
main types:
1. Hardware Keylogger
2. Software Keylogger
1.
A hardware keylogger is also used for keystroke logging, a hardware
keylogger is plugged between the keyboard plugand the USB or PS/2 port
socket, and they work with PS/2keyboardsand also usb keyboards,
A
hardware keylogger is just like a normal USB drive or any other
computer peripheral so that the victims can never doubt that it is a
keylogger. Hardware keylogger has any inbuilt memory which stores the typed keystrokes.
But
i think you will use software keylogger because it can be found free
and i don't know anyone who use hardware keylogger. Ant the most
inportant thing, you must have acces to victim computer to set up a
software keylogger
2. So here our story begin. The software keylogger can be classified in two types local keylogger and remote keylogger.
Local Keyloggers are used to monitor local computers (May be
your own Pc), they are very easy to install and are completely
undetectable and it’s really hard to figure out once a keylogger is
installed on a computer because usually keyloggers hide themselves from
taskmanager, Windows Registry etc. Whenever you want to see logs, screenshots etc you just need to press a hotkey which (ex. Shift+Ctrl+F10). There are hundreds of keyloggers available now days.
taskmanager, Windows Registry etc. Whenever you want to see logs, screenshots etc you just need to press a hotkey which (ex. Shift+Ctrl+F10). There are hundreds of keyloggers available now days.
Remote keyloggers are used for the purpose of monitoring a remote pc, Once a remote keylogger is installed on your computer the
attacker can get your keystrokes, your webcam shots, chat logs etc sitting in any part of the world. You can find tons of Remote keyloggers on web but lots of them are either not capable of properly recording keystrokes or they have a high antivirus detection rate, With my experience of hacking I have tested over 50 different and I thing the best is ardamax. I don't know maybe you will find some better and simpler. Now if you dont know i will explain you how some keylogger works. In your computer you install some keylogger witch is detected like a virus by some antivirus. Thats why you must turn of antivirus before you instal this. Now when is instaled you run it, and a new window pop up. Here you enter where it will upload informations, everything what is typed in keyboard, screnshots and so one. I recomend FTP, the database on internet where you have your storage. Later when the set up is over you get the .exe file. This file you put in some other computer and it record everything wha the victim type in there. And that's it now you just have to wait that the victim type in what you want( facebook password and email)
attacker can get your keystrokes, your webcam shots, chat logs etc sitting in any part of the world. You can find tons of Remote keyloggers on web but lots of them are either not capable of properly recording keystrokes or they have a high antivirus detection rate, With my experience of hacking I have tested over 50 different and I thing the best is ardamax. I don't know maybe you will find some better and simpler. Now if you dont know i will explain you how some keylogger works. In your computer you install some keylogger witch is detected like a virus by some antivirus. Thats why you must turn of antivirus before you instal this. Now when is instaled you run it, and a new window pop up. Here you enter where it will upload informations, everything what is typed in keyboard, screnshots and so one. I recomend FTP, the database on internet where you have your storage. Later when the set up is over you get the .exe file. This file you put in some other computer and it record everything wha the victim type in there. And that's it now you just have to wait that the victim type in what you want( facebook password and email)
Here is a video tutorial about how to set up ardamax keylogger:
Additionally: Binders
A
binder is small piece software used to bind or combine to or more files
under one name and extension. As some of you might know that most of
viruses come with .exe extension so the victim can get suspicious and is less likely to run the file. With binders you can easily bind a file
with .exe extension with other extensions such as .mp3, .bat, .jpeg.
with .exe extension with other extensions such as .mp3, .bat, .jpeg.
One popular Binder is: Easy Binder
Download here:
(you need to fill up a survey to download file, it's nothing dont worry )
Easy Binder v.2.0.0.0
(you need to fill up a survey to download file, it's nothing dont worry )
Easy Binder v.2.0.0.0
Hope it helped,
Enjoy.
You like this? Tell your friends about this. Recommend this on Google!
You like this? Tell your friends about this. Recommend this on Google!
Facebook Hack first method: Keyloggers
Hello people
Today I will write one tutorial about how to hack Facebook which includes keyloggers and dealing with a lot of problems along the way. This tutorial will be highly detailed with everything, including some thing you will need and all the thinking process necessary to successfully hack a Facebook account.
The tutorial inludes:
1) Keyloggers
2) How not to get traced
3) Regaining Access - New Retrieval method
Why am I writing this? Well, I am a hacker and many people asked me about hacking Facebook accaunts and i decided to tell the worl how you can hack Facebook
Today I will write one tutorial about how to hack Facebook which includes keyloggers and dealing with a lot of problems along the way. This tutorial will be highly detailed with everything, including some thing you will need and all the thinking process necessary to successfully hack a Facebook account.
The tutorial inludes:
1) Keyloggers
2) How not to get traced
3) Regaining Access - New Retrieval method
Why am I writing this? Well, I am a hacker and many people asked me about hacking Facebook accaunts and i decided to tell the worl how you can hack Facebook
Not only that, but all the other tutorials
regarding 'How to Hack Facebook' are outdated and no longer work
because they are not including the security updates that Facebook
implemented not so long ago.
Well I will make more tutorials about hacking Facebook and Facebook security.
Let's begin.
I have seen that 99.9% of the tutorials about Facebook hacking is now recommend Phishing, keylogging, RATing, and even Social Engineering (SE) as the most notable methods to take over a Facebook account. In this tutorial I will explain only keyloggers but i will be back with moer and more tutorials.
Before, we go any further. Let me say that Facebook cannot be hacked with a program of any kind.If you see anyone claiming that they have a program to hack Facebook, they are lying.
Things about “Facebook hacker 100% working“ and similar things is 100% not working.
Now, what are keyloggers?
-Key loggers only record the keys pressed on the keyboard. You need to set up a keylogger and than place the file in victims computer. That will record anything what he/she type in the computer. The program will upload the .txt file on FTP or send you an email whit everything what is typed in victim keyboard, which include Facebook password.
1. KEYLOGGERS:
Well I will make more tutorials about hacking Facebook and Facebook security.
Let's begin.
I have seen that 99.9% of the tutorials about Facebook hacking is now recommend Phishing, keylogging, RATing, and even Social Engineering (SE) as the most notable methods to take over a Facebook account. In this tutorial I will explain only keyloggers but i will be back with moer and more tutorials.
Before, we go any further. Let me say that Facebook cannot be hacked with a program of any kind.If you see anyone claiming that they have a program to hack Facebook, they are lying.
Things about “Facebook hacker 100% working“ and similar things is 100% not working.
Now, what are keyloggers?
-Key loggers only record the keys pressed on the keyboard. You need to set up a keylogger and than place the file in victims computer. That will record anything what he/she type in the computer. The program will upload the .txt file on FTP or send you an email whit everything what is typed in victim keyboard, which include Facebook password.
1. KEYLOGGERS:
I recomend Ardamax keylogger:
(you need to fill up a survey to download file, it's nothing dont worry )
(you need to fill up a survey to download file, it's nothing dont worry )
When
you unpack the program your antivirus will detect the program as a
virus, but don't wory almost every antivirus program will detect it like
a virus because it is a spyware but it can't damage your coputer.
note:if you want to remove ardamax keylogger from your computer, or from another, this is aklremover and just duble click and it will dissapear.
note:if you want to remove ardamax keylogger from your computer, or from another, this is aklremover and just duble click and it will dissapear.
Why Ardamax? Sincerely I don't know, i used many keylogger and this are the simplest for me. Download whatever you want but the use of this is very simple and you don't need any tutorials or something similiar.
When you set up the keylogger you made your
server or bot, or whatever you want to call it, FUD (Full undetected),
being not detected by any Anti Virus or at least UD (Undetected), being
only being detected by some rare Anti virus.
Why crypt? Well, so your file doesn't get detected and immediately deleted as soon as the target opens the file.
Why crypt? Well, so your file doesn't get detected and immediately deleted as soon as the target opens the file.
I assume that someone of you don't know how
to set up a keylogger but i will make some tutorials very soon. It will
be posted on my blog.
Even if you do manage to steal the password and e-mail using Keyloggers, the problem of suspicion will appear.
The IP adress. If you already have his IP or location through other methods such as reverting you're good to go.
However, if you do not have any information at all what so ever, you can try searching on these sites to revert info about the target.
http://com.lullar.com/
http://www.pipl.com/email/
http://www.spokeo.com
http://www.emailfinder.com
http://www.zabasearch.com/
http://www.zoominfo.com
Now, once you have an IP or ISP, or location the next part is looking for a Sock5 to hide behind so Facebook thinks that you are only using a different computer in the same area. You can also spoof the IP, but I will not go into that.
So, after all that work, you still can't take over their accounts?
Matching Faces
I thought about this method as I was showing a friend through Teamviewer the pictures that Facebook was showing me to identify the target's friends. And obviously, I was clueless because I did not know of the people.
What did I do? Well, as you can see the pictures:
(when you clic on the pictures, afther 5 seconds yust clic skip add)
Even if you do manage to steal the password and e-mail using Keyloggers, the problem of suspicion will appear.
The IP adress. If you already have his IP or location through other methods such as reverting you're good to go.
However, if you do not have any information at all what so ever, you can try searching on these sites to revert info about the target.
http://com.lullar.com/
http://www.pipl.com/email/
http://www.spokeo.com
http://www.emailfinder.com
http://www.zabasearch.com/
http://www.zoominfo.com
Now, once you have an IP or ISP, or location the next part is looking for a Sock5 to hide behind so Facebook thinks that you are only using a different computer in the same area. You can also spoof the IP, but I will not go into that.
So, after all that work, you still can't take over their accounts?
Matching Faces
I thought about this method as I was showing a friend through Teamviewer the pictures that Facebook was showing me to identify the target's friends. And obviously, I was clueless because I did not know of the people.
What did I do? Well, as you can see the pictures:
(when you clic on the pictures, afther 5 seconds yust clic skip add)
Suspicion
Security question
Confirm Identity
Confirm identity by identifying the friends on that account.
Facebook provides the names of the target's friends. So, use that information to essentially bypass the security of identification by searching those names on Facebook search and matching the faces based on the Target's friends.
It will only ask you match faces if you are logging in with the correct password or if you get picked up from a different location.
Note that will need an extra Facebook account to search, otherwise Facebook does not let you search. Close the 'Suspicion' page and log in to your extra or your actual Facebook account and search for the Target's friends.
Be sure to notice where your target lives so on the results you can compare whether if the friend is the matching face or not. Be sure to notice the names of the friends as well.
For example, if the name choices are:
George Bush
Adolf Hitler
Barrack Obama
Mohammed Ali
Lee Chang
And the picture given is of an middle eastern descent looking person, you should obviously go with the name that sounds middle eastern.
Once you match the faces for the identification questions. You should be able to get in without a problem.
To wrap it up,
I will warn you one one important thing, if you do not have access to their e-mails. They will get an e-mail notifying that someone is trying to log in on their accounts and your IP will be shown to them.
So, what that means is to always hide behind a VPN or a proxy so you can't be traced back.
Try to take over their e-mails if you want or simply delete the notification e-mails so they do not notice.
Taking over the e-mail will be an obvious sign that they got hacked and they might try to retrieve the e-mail password, so be sure to change the e-mail password and security questions immediately so they cannot get it back. Only take over the e-mail once you have completely stolen and gained access to the Facebook account because they can easily change the e-mail on the Facebook account and you'll be screwed.
3) Regaining access
[b]This is a new section on the tutorial which I decided to include since it's important to know if accidents were to happen.
Person updates their security
Person continues updating security
Person finishes security
So, what this means is that you will be left out of their account if they update their security information and you will have to bypass all the security measures all over again.
This is what you will see:
This is what will show telling you "You used an old password"
This picture shows that you have logged in with their old password, and will ask to confirm that it's in fact you.
The options to using old password.
This will give you the options of how you confirm that it's in fact you.
Identify your account (Note that you are the one who has to identify yetagain)
I chose to confirm using profile URL. There are a variety to choose from.
Linking to profile
I linked it here.
Applying CATCHA security
Fill out CAPTCHA.
My account has been hacked and I have access to my login e-mail
Confirm My Account
This is the page where you could retrieve Facebook into sending you the new password to their e-mail (If you have access) or even perhaps a different e-mail. Make your story sound as believable as possible, so don't type like you are 10 years old.
Well, I believe that this is all I have to say. In a few days I will update my blog whit more Facebook hacking tutorials so stay on the blog and keep reading it.
You like us? Tell you friends about this. Recommend this site on google
You are hacked?
There are a number of signs that can indicate that your Facebook account has been hacked. You might notice Status updates that you didn’t post or receive replies to Facebook messages you didn’t send. That might mean that your account has been hacked. Immediately change your password and make sure you’re using the advanced security settings.
A certain indication that your account has been hacked is not being able to log in. This happens when the scammer who hacked your account changes your password. You can’t change it back because you no longer know what it is. Some scammers will even reset personal information so you can’t verify who you are.
The Facebook team is dedicated to helping you protect your account. Facebook has built systems that look for and block suspicious
activity, phony posts, and messages. Facebook also has a well-defined
process if your account is stolen to help you shut down the scammer and
recover your own account.
If your account is compromised, go to www.Facebook.com/hacked and ask Facebook to secure your account.
As
soon as you report this, Facebook locks your account. While you can’t
use it yet, the scammer can’t access it either. Facebook will then ask
you to complete security check to unlock your account.
Facebook makes this pretty simple so follow their four-step process to reclaim your account.
Once
you’ve recovered your account, be sure to set up advanced security
features to add an extra layer of security to your account. In
particular, be sure to enable secure browsing (https) and set login
notifications so Facebook will let you know immediately when your
account is accessed.
Subscribe to:
Posts (Atom)