Dissection of a Facebook hack or how your identity can be stolen

Panda Security sent me this article that I found extremely interesting to avoid losing the account of one of our most common communication channels: Facebook.

PandaLabs, the laboratory of Panda Security (The Cloud Security Company), has received numerous reports and complaints from users whose Facebook profiles have been hacked and whose identity has therefore been at risk.

Far from phishing or spam attacks, which are already recognized by many Internet users, hackers are trying new methods that, at least for the moment, seem to be paying off.

This is the dissection of the technique most commonly used in recent months:

Step 1: The hook

The hook usually comes from the profile of a friend who has already been hacked. The user receives a message (which seems legitimate and authentic) indicating that it is necessary to click on a link for something.

In most cases, this message is of the "shocking video" or "you appear in this video" type, and it is usually personalized with the user's name.

Step 2: Phishing Attempt

Now that the cybercriminals have caught the user's attention, they need the user's username and password to initiate the next phase of the attack. The page behind the link the user clicked looks exactly like the Facebook login page, but is actually a copy hosted at another web address.
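The lookalike page in Step 2 differs from the real one only in its web address, so the address is the thing to check. The following is an added example, not part of the original article or Panda Security's material: a Python function that classifies a link by its parsed hostname rather than by how the text looks. The trusted domain list, the function name and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains the genuine login page is served from.
TRUSTED_DOMAINS = ("facebook.com",)

# Constructed sample links (reserved .example names and a documentation IP).
SAMPLES = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "https://facebook.com.login-check.example/login.php",
    "https://www.facebook.com@203.0.113.7/login.php",
    "https://notfacebook.com/login.php",
    "https://xn--facebok-abc.example/login.php",
]


def classify_login_url(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, reason) for a link that claims to be the login page."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        userinfo = parts.username
    except ValueError:
        return "suspicious", "URL does not parse"
    if parts.scheme != "https":
        return "suspicious", "not served over HTTPS"
    if not host:
        return "suspicious", "no hostname"
    if userinfo is not None:
        # Everything before '@' is login info, not the site being visited.
        return "suspicious", "text before '@' is not the host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "suspicious", "internationalized hostname"
    for domain in trusted:
        # Exact match or a true subdomain; the leading dot rejects 'notfacebook.com'.
        if host == domain or host.endswith("." + domain):
            return "trusted", "host is " + domain + " or a subdomain of it"
    for domain in trusted:
        if domain.split(".")[0] in host:
            return "suspicious", "brand name used inside another domain"
    return "suspicious", "host is unrelated to the trusted domain"


if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, reason = classify_login_url(sample)
        print(f"{verdict:10} {sample}  ({reason})")
```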

Step 3: Get full access

Now that the user has clicked on the link and provided their access data, they will be required to grant the malicious application full access to their personal information, as well as rights to publish information through their profile. This ensures that they will be able to spread this attack among all the user’s friends and family.

After obtaining permission, the attack will target the victim's contacts and start the process over with new users.

What to do if the Facebook profile has been hacked?

Step 1: First of all, remove the permissions that the user has given to the malicious application. It is a simple process: go to Account > Application settings in the upper right corner of the Facebook profile. This will ensure that the application no longer has access to the profile after the password is changed.

Step 2: Change the access password! To ensure that our identity is safe, it is advisable to change both the username and the password used to access the social network (a practice that we recommend repeating every so often). It's easy too: go to Account > Account Settings in the menu in the upper right corner of the Facebook profile. It is also recommended to use passwords that cannot be easily guessed.