How to Hack a Facebook Page

This blog is for educational purposes only. All of the tools and tactics used here are for ethical hacking and for the education of others to guard themselves from phishing attacks.
Having a social media account hacked can be a traumatizing experience. It is an extreme invasion of privacy, and can be similar to the experience of a home invasion. The more our lives are intertwined with our social media accounts, the more personal it becomes. Imagine you are the victim of such an attack. All of the private conversations you had with your friends and family members, as well as your personal email, password, and so much more, are now in the hands of an unknown enemy. Once a hacker gets into one account, he or she quickly looks to gain access to other accounts. Hopefully you’re not using the same password for multiple accounts…
Oftentimes hacks occur as a result of a social engineering attack or a phishing attack, sometimes a combination of the two. Today I’m going to show you a very popular method that hackers use to steal your credentials.
The program in this demonstration is called “Zphisher”.
Zphisher was created by a developer and was first released on GitHub in August 2020. Since its release, it has gained some attention within the cybersecurity community, mainly for its educational purposes in demonstrating phishing techniques.
Zphisher is available for download on GitHub along with instructions, and it is widely used on Linux systems. To prevent its misuse, I will not give you instructions on how to download or use the program. I will present my findings to you so you can guard against this tool.
What does this program do?
Zphisher will generate an exact replica of a Facebook login page. If someone clicks the link, it takes them to the replica page, and when they type in their email and password, those credentials are stored in a file that the attacker can read on their own computer.
Let me give you an example.

After downloading Zphisher, you can select what kind of phony page you want to create. This program will make a replica of all the options below. Essentially, it’s not just Facebook or Instagram you’ll have to worry about, but also a login for Roblox, your Xbox account, or even a GitHub page.
After your selection you’ll be able to customize a few settings to your liking, and once you have your own custom URL, the page would look like the one below…

Looks authentic, doesn’t it!? Once you type in an email and password here, the hacker would be able to view those credentials. Once you click “login”, the website won’t actually log you in; it will redirect you to the ACTUAL Facebook login page, as if it was just a glitch. There might even be an error message displayed, leading you to believe this was a temporary technical issue with the site. This is why it is extremely important to look at full URLs and never visit a Facebook page unless it comes from “Facebook.com.”
Using this program you can also customize what you’d like the link to say. In this scenario I chose Faithboook instead of Facebook. A trained eye might have caught this, but someone in a hurry, or any unsuspecting victim, wouldn’t even realize anything is happening.

Above is an example of what will appear on the hacker’s screen. The email, password, and even IP address are displayed! This is an incredibly dangerous tool!
Awareness is key when defending against a phishing attack like this. You might see a link sent to you in a text message or in an email. In this day and age many people share entertaining TikTok or YouTube videos as links. If you’ve received a link from someone, best practice is to have them send it to you through the app. And never log in through a link you were sent. Perhaps download the app for that social media account and search for your video there!
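The "look at the full URL" check described above can be automated. The following is an added example, not part of the original post or of any tool it mentions; it goes beyond the single "Faithboook" misspelling to also catch the brand name placed in a subdomain or in front of an "@". The function names, the 0.6 similarity threshold and the sample links are assumptions made for this illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

TRUSTED = "facebook.com"   # the only domain this example accepts for login
THRESHOLD = 0.6            # assumed similarity cut-off for near-miss spellings


def registrable(host: str) -> str:
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def classify(url: str, trusted: str = TRUSTED) -> str:
    """Return 'trusted', 'lookalike' or 'untrusted' for the host a URL really points to."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "untrusted"
    if not host:
        return "untrusted"
    # Exact domain, or a true subdomain of it (note the leading dot).
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    brand = trusted.split(".")[0]
    site = registrable(host)
    # Punycode labels can hide look-alike Unicode characters; flag, don't decode.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"
    # Brand placed in a subdomain or before an "@" of someone else's domain.
    if brand in parts.netloc.lower().replace(site, ""):
        return "lookalike"
    # Near-miss spelling of the brand, e.g. "faithboook" vs "facebook".
    if SequenceMatcher(None, site.split(".")[0], brand).ratio() >= THRESHOLD:
        return "lookalike"
    return "untrusted"


if __name__ == "__main__":
    # Constructed sample links (reserved .example names), not taken from the post.
    for link in (
        "https://www.facebook.com/login",
        "https://faithboook.example/login",
        "https://facebook.com.account-check.example/",
        "https://facebook.com@login.example/",
        "https://videos.example/watch?v=1",
    ):
        print(f"{classify(link):10} {link}")
```

A "lookalike" result is a reason to stop and open the app or type the address by hand; "untrusted" only means the link does not lead to the trusted login domain.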