One of the most common scenarios we observe on a daily basis is users coaxed into phishing campaigns and malicious applications on Facebook.  As we interact with our friends and family on social networks, we tend to trust any and all information that appears to come from our “trusted network.”  However, Facebook is one of the social networks most heavily targeted by cyber criminals.  They are waiting for you to make a mistake, and once you make it, they will be sure to hack you and exploit your friends' trust through your newly hacked account.

In this post, we’ll take you through the steps of how a profile on Facebook becomes hacked. Obviously, we don’t want you to follow these steps, but we hope that by arming you with this knowledge, you’ll be one step ahead in thwarting evildoers on social networks.

Step 1: The hook

The hook always starts off with a friend's hacked profile.  You’ll get a message (appearing to be from them) stating that you need to click on a link for something.  In most cases, it’s a “SHOCKING VIDEO” or “We caught you on tape,” and the message will usually address you by your first name.

Here is an example:

Facebook Chat Phishing Spam

Step 2: Phishing Attempt

Now that the cyber criminals have lured you in, they’ll need your user name and password to start the next stage of the attack.  The link you clicked on will lead to a page that looks exactly like the Facebook login page, but if you look carefully at the address bar you’ll see that you are not visiting Facebook.com, but rather a malicious copy hosted at another website address.

Example:

Facebook Phishing Page
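The address-bar check described above can be made mechanical. This is an added example, not code from the original post: it assumes that only facebook.com and its subdomains are legitimate, and it classifies the kinds of lookalike addresses that fool a quick glance (the real name buried inside a longer domain, or placed before an `@` so it is not the host at all). The sample links are constructed for the example.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only legitimate login hosts are
# facebook.com and its subdomains (www.facebook.com, m.facebook.com, ...).
LEGIT_DOMAIN = "facebook.com"


def is_facebook_host(url: str) -> bool:
    """True only if the URL's real host is facebook.com or a subdomain of it."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname already discards userinfo (user:pass@) and the port, so
    # "http://www.facebook.com@203.0.113.5/" yields host "203.0.113.5".
    host = (parts.hostname or "").lower().rstrip(".")
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)


def explain(url: str) -> str:
    """Name the trick a non-Facebook login link is using, if any."""
    if is_facebook_host(url):
        return "ok"
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if "@" in parts.netloc:
        return "userinfo trick: the text before @ is not the host"
    if LEGIT_DOMAIN in host:
        return "lookalike: facebook.com buried inside another domain"
    if host.startswith("xn--") or ".xn--" in host:
        return "punycode host: displayed name may mimic facebook.com"
    return "not facebook"


# Constructed sample links, as they might appear in a chat message.
SAMPLE_LINKS = [
    "https://www.facebook.com/login.php",
    "http://facebook.com.video-player-login.example/",
    "http://www.facebook.com@203.0.113.5/login",
    "https://faceb00k.com/login.php",
]


def flagged(links=SAMPLE_LINKS):
    """Return (link, reason) for every link that is not really Facebook."""
    return [(u, explain(u)) for u in links if not is_facebook_host(u)]


if __name__ == "__main__":
    for link, reason in flagged():
        print(f"{reason:55s} {link}")
```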

Step 3: Gaining Full Access

Now that you’ve clicked on the link and given them your credentials, they will also ask you to grant their malicious application full access to your personal information and the right to post to your profile.  This ensures that they will be able to spread the attack to all of your friends and family once they are through with you.

Malicious Application Permission Page

After you give the malicious application permission, the attack will now start targeting your friends.

In this example, we see a few of the victim's friends falling for the trick:

Facebook Friends Hacked

So there you have it.  Hook, line, and sinker.

What do you do if your Facebook profile has already been hacked?

Step 1: First things first, remove the permissions you gave the malicious application by clicking on Account > Application Settings in the top right corner of your Facebook profile.  This will ensure that the application does not continue to access your profile after you change your password.  The direct link is: http://www.facebook.com/editapps.php?ref=mb

Click on the X next to the application name.  In this case, our application was called Video Player:

Facebook Applications

Facebook will ask you if you are sure that you want to remove permissions.  Click Remove.

Facebook Application Settings

Step 2: Change your password!

Click on Account and then Account Settings under the top right menu of your Facebook profile.  The fourth item down is where you’ll change your password.  Be sure to use a unique and complex password that cannot be easily guessed.  Here are some tips on how to create a secure password: http://www.microsoft.com/protect/fraud/passwords/create.aspx

We hope that you take this information and share it with all of your friends so they know what to do in the event of a similar attack on their profile.

Stay safe out there!