How to hack Facebook pages via social engineering attacks

Facebook is the most popular social network in the world; therefore it is the most attacked by hackers, as IT security services experts mentioned. In that article, specialists describe some of the tactics employed by threat actors to take control of the accounts of unsuspecting users.

A recently detected incident relates to “Indira Shishani”, an alleged profile of an attractive young woman who contacted some users offering new job opportunities with high salaries. The person behind this profile claimed to work for a company called “Facebook Advertising”.

To gain greater credibility, the attack operator mentions that no admin access to the page is required: “You can make up to three ads or post up to three articles a day via Facebook and earn up to $400 USD a day,” the attacker said.

The victim was to publish articles from websites such as buzzfeed.com, diply.com, boredpanda.com, USA Today, among other sites, AS mentioned by the IT security services experts. In addition, according to specialists, the attackers assured the victim that no malicious content or any kind of content restricted by Facebook would be posted on their page: “We have professional content creators who write articles and make videos,” they said. They then tried to get the administrator’s email address, promising to pay per day and adding that payments would be made through PayPal.

Subsequently, the attackers asked the victim to register for their app, sending an invitation link and mentioning that this site belonged to the official Facebook platform.

Fortunately, the victim noticed suspicious behavior, so before continuing he asked the attacker to speak on the phone, as well as requesting more identity checks and a physical address. The victim’s requests were rejected by the attacker, who claimed that, by company policies, he could not have phone contact with anyone.

According to IT security services experts, when a phone number was finally provided to the victim, the line was answered by a receptionist who immediately said he was targeting a developed social engineering campaign, so the user cut off contact with the attacker.

Social engineering is one of the most common forms of cyberattack, because by not employing sophisticated variants of malware or exploits that require extensive technical knowledge, it is possible for any user to deploy an attack using fake profiles and photographs taken from other social networks.

For further reports on vulnerabilities, exploits, malware variants and computer security risks you can access the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.