Using Social Engineering to Hack Facebook
The hacker wearing his social engineer shoes will probably do something like this:
1. Learn Who Your Friends Are and Collect Them
If your friend list is public, this social hacker, whom we will call “Schmuck”, will first familiarize himself with it. Then he will choose one of your friends, whom we will call “Buddy”, who has enough mutual friends with you.
Schmuck will steal Buddy’s identity by creating a profile with the same username and profile picture. He will then send friend requests to the mutual friends you share with Buddy (excluding yourself) and pretend that his original account was hacked.
Schmuck now starts the process of collecting confirmed friend requests.
2. Social Pressure You Into Accepting Him
Once Schmuck has a good enough number of your unaware friends on his list, he will go for the big fish: Schmuck will send you a friend request, using Buddy’s fake identity. Given that a) it appears to be your friend, b) your mutual friends have this person on their lists as well, and c) Schmuck sent a nice little paragraph explaining how he lost his password and had to start a new account, you will probably accept.
3. Gloat at Accessing Your Profile
Schmuck has obviously succeeded in accessing a private profile. If his initial purpose was snooping in your private life, you probably have nothing to worry about, except for some embarrassment. That might not be his purpose though…
4. Hack Facebook Account/Send a Virus
… there is a good chance that Schmuck went through all this trouble to do something slightly more evil than just snoop, such as steal your password or send you a virus. He might send you a very unassuming message with a link that leads you to a Facebook sign-in page, which many people would use to sign in again, attributing it to expired cookies. This sign-in page would record your login info, which Schmuck will use to send a similar link or links to other compromised sites to your friends.
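The pattern in steps 1 and 2 leaves a recognizable trace on the receiving side: a new account whose display name matches someone already on your list and whose friends all come from that person's contacts. The check below is an added example, not code from this page or from Facebook; the account ids, names and data layout are hypothetical and the sample data is constructed.

```python
import unicodedata

# Constructed sample data; account ids and names are hypothetical.
MY_FRIENDS = {
    "buddy.real": {"name": "Sam Buddy", "friends": {"me", "ann", "bob", "cat", "dan"}},
    "ann": {"name": "Ann Lee", "friends": {"me", "buddy.real", "bob"}},
    "bob": {"name": "Bob Ray", "friends": {"me", "buddy.real", "ann"}},
    "cat": {"name": "Cat Moss", "friends": {"me", "buddy.real"}},
}
CLONE_REQUEST = {"id": "buddy.new", "name": "Sam  BUDDY", "friends": {"ann", "bob", "cat"}}
STRANGER_REQUEST = {"id": "eve", "name": "Eve Park", "friends": {"ann"}}


def normalize(name):
    """Fold Unicode compatibility forms, case and spacing so near-identical spellings match."""
    return " ".join(unicodedata.normalize("NFKC", name).casefold().split())


def assess_request(request, my_friends):
    """Compare an incoming friend request with the accounts already on your list.

    request:    {"id": str, "name": str, "friends": set of account ids}
    my_friends: {account_id: {"name": str, "friends": set of account ids}}
    Returns (verdict, reasons); verdict is "ok" or "verify-out-of-band".
    """
    reasons = []
    wanted = normalize(request["name"])
    for fid, friend in my_friends.items():
        if fid == request["id"] or normalize(friend["name"]) != wanted:
            continue
        reasons.append(f"display name matches existing friend {fid}")
        # Steps 1-2 above: the duplicate collects only the real friend's contacts.
        if request["friends"] and request["friends"] <= friend["friends"]:
            reasons.append(f"every friend of the new account is also a friend of {fid}")
    return ("verify-out-of-band" if reasons else "ok"), reasons


if __name__ == "__main__":
    for req in (CLONE_REQUEST, STRANGER_REQUEST):
        print(req["id"], *assess_request(req, MY_FRIENDS))
```

A "verify-out-of-band" verdict means asking the real friend through a channel other than the new account (a phone call, or a message to the original profile) before accepting.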