People love to feel as though the password that they’ve imagined keeps all of their personal information completely secure, but in reality, they couldn’t be any further from the truth. For all of the sensitive information that people host on their social networking accounts, ultimately, there is only a string of character separating anybody from having access to everything that users hold dear. While users are constantly encouraged to incorporate a diverse variety of characters in their passwords, breaking through the characters in order to gain access to the account can sometimes be nothing more than a simple matter of creativity.
The first manner of getting into a Facebook account is the same method that many people have likely resorted to in order to get into their own account when they’re forgotten their own password. Brute force hacking is simply the act of taking as many different possible combinations of character and number chains possible until the successful chain is finally submitted. Naturally, going through such a process manually is extremely time consuming to the extent that its usually reserved more as a desperation tactic than a legitimate method of account infiltration. If a would-be hacker manages to crack into an account via brute force, then it is generally more a matter of luck than precise planning and technique.
One of the more sophisticated manners of breaking into an account is, ironically, not breaking into it at all. If brute force can be compared to attempting different combinations to a padlock until finally clicks open, then phishing can be compared to getting a person to input the correct combination themselves and saving the number. With the use of a simple combination of PHP hosting and HTML manipulation, a hacker can create a mirror image of any webpage that they desire. In the case of Facebook, a hacker can create the image of a webpage that is completely identical to the Facebook log in page.
By rewriting some key aspects of the page’s script, the hacker can order the page to go through a certain sequence of actions once an unsuspecting user fills out their personal login information in the user name and password fields. The user will simply get a 404 error page, but secretly, the hacker can have the text that the user entered be written to a word document that’s located on the control panel for the server that they’ve created the fraudulent Facebook page on. From that point on, it is simply a matter of the hacker inputting that same text into the user name and password fields on the legitimate Facebook homepage; after that, all they must do is change that original password to assume complete control of the entire account.
In spite of the great lengths taken to educate social network users about those who would attempt to compromise their accounts, there are still many casual users that are completely clueless. From forged emails to public machines, there are endless ways for phisher to lure a user into essentially hacking into their own account. The only way to defend against getting hacked by a phisher is to pay special attention to the domain name-spelling in the URL string, which will never be completely the same as the legitimate domain name of “Facebook.com”.