
TRANSFER THROUGH VARIABILITY OF PRACTICE

In document UNIVERSIDAD DE GRANADA (pages 129-142)

3.3. TRANSFER OF PRACTICE IN LEARNING

3.3.2. TRANSFER THROUGH VARIABILITY OF PRACTICE

Facebook has introduced a feature called “Recovering password using Trusted Friends”. With this feature, if we have lost our Facebook account password, Facebook sends a security code to each of 3 friends. We have to ask those 3 friends for their security codes and, after entering them, we can reset the Facebook password.

So, in this hack, we will use this feature for hacking a Facebook account password. You have to create 3 fake accounts and make sure that your victim adds them as friends.

So, your 3 fake accounts must be listed in your victim’s Friends list. Now, if we use the above “Trusted Friends” feature for resetting the victim’s Facebook password, Facebook will send the security codes to our 3 fake accounts and we can easily hack the Facebook account.

You can use social engineering skills so that your victim has no doubt while accepting your fake account as a friend. This is the only tricky part of the hack.

Also, the fake accounts must be at least a week old. Once you are done with the fake accounts, move to the steps below.

Step 1.

Go to Facebook.com and click the Forgot Password link to get this page:

Step 2.

You have to enter the email of the victim; even the Facebook profile name will do.

Facebook will search for the profile name and you will be shown the account. Click “This is my account”.

Step 3.

On the next page, click “No longer have access to these”.

Step 4.

You will be prompted for an email address. Enter your email address here and click “Submit”.

Step 5.

Facebook will ask you to answer the security question. Use social engineering to find out the correct answer, or else you can move to the next step by entering three wrong answers (it is not certain that you will be taken to the next recovery step, because this varies from account to account).

Step 6.

Now, if you are able to proceed to the next recovery step, recovery through three friends, you have to select three friends from a random list generated by Facebook. It is not guaranteed that your fake accounts will be in the list, but there is always a chance.

Now we have to get the codes from all three accounts that were selected during the recovery process; after getting the codes we can set a new password. An email-address-change notification will be sent to the old email address associated with the victim. The account will be locked for 24 hours.

Now it is the attacker’s job to get access before the victim; otherwise the victim can recover his account.

Note: the victim can easily recover his account by answering the security question. Once a security question has been set it cannot be changed.

Facebook account security countermeasures

Enable the HTTPS protocol

Using HTTPS instead of plain HTTP means that the communication between the server and your computer is encrypted. Nobody sitting between your computer and the server will be able to read or tamper with the traffic, so the information delivered to and from your computer is protected in transit. Note that HTTPS only protects data on the network; it does not protect you against phishing pages or malware on your own computer. Modern browsers highlight secure URLs and show information about the certificate issuing authority. Here is a screenshot of Facebook over a secure connection in Firefox:

To enable HTTPS, log in to your Facebook account and go to “Account -> Account Settings”.

Select Account Security under the Settings tab and check the box beside “Browse Facebook on a secure connection (https) whenever possible”.

Use Facebook two-step authentication (Login Approvals)

Like Google, Facebook has also introduced a two-step authentication service called Login Approvals. This service lets you log in to your Facebook account using your password plus a security authentication code sent to your mobile device. Once this service is enabled, you will no longer be able to log in to Facebook with only your password; you will always be required to use both the password and the security code sent to your mobile device.

Checking for Facebook email phishing attacks and scams

While you are on Facebook, never click on suspicious links, even if the messages were sent by your friends. Most Facebook scams spread by posting messages to the walls of all friends of the infected user. The best place to get updated news about Facebook scams is Facecrooks.com.

Enable Login notifications

Enabling login notifications in Facebook will notify you when someone logs in from an unrecognised location or computer.

To enable login notifications, go to “Account -> Account Settings”.

Under the Settings tab, expand “Account Security -> Login Notifications” and check the following two boxes:

Send me an email

Send me a text message

Use Facebook one time password service

Like Hotmail, Facebook also provides a one-time password facility. A one-time password is a temporary password that can be used only once and expires 20 minutes after creation. To enable this service, you will need to activate a phone number so that Facebook can send messages to your mobile. To register and activate a phone number, go to “Account -> Account Settings”.

Chapter 12 Facebook Clickjacking

Objectives:
