Account Phishing
Facebook Login Field in Homepage
Phishing is a method of obtaining access to an account by using a fake login page to capture login information. For example, a hacker must first create a replica of a login page which instead of logs you in the site, captures any login information entered. The hacker then targets a victim and lures such person into logging in through the fake login page. When this is successfully done, the login information is received and saved. This is applicable with facebook and any website.
Social Engineering
Social Engineering to gain information.
Social engineering involves taking advantage of relationships or creating relationships with people to gain their trust. By gaining these values, it is possible to lure people into giving you sensitive data which can indirectly lead you to the victim’s password. Sensitive data includes security questions, birthdate, as these can be used to recover accounts.
Account Recovery
Attempt to recover password given email access.
This is often what follows social engineering – after necessary information has been extracted from conversations. Recovery is technically a way recovering lost accounts and forgotten passwords. But this is often used as a security hole since it can be easily lured for a different purpose such as hacking. The only way to remedy this is to secure a safe security question.
Facebook Applications
Application requesting permissions to access.
By allowing untrusted application to your account, the owner of the application can obtain control over certain aspects of your account usually posting ability. This is common and most are surprised when they see posts under their name which are often unfavorable and not posted by them. This is technically not full access but can be used to illegally promote websites, products and what not.
No comments:
Post a Comment