Top 10 Ways That Hackers Use To Hack Facebook Accounts

OODA LLC experts engage with clients across multiple sectors of the economy, delivering CTO as a Service and CISO as a Service engagements. One thing we have observed is that for many firms, Facebook is like the soft underbelly of the organization. Attackers can target the firm via the personal accounts of employees.

With over 2 billion users, Facebook is perhaps the most sought-after social networking platform for cybercriminals. Hackers target Facebook because, thanks to its real-name policy, it is one place where scammers and fraudsters can access your email address and other personally identifiable information. The risks of Facebook hacking come not only from hackers but also from exes seeking revenge and companies engaging in cyber espionage against rival companies. Facebook can be hacked even if you have chosen strong passwords and taken extra security measures.

So, what can you do to prevent your Facebook accounts from being hacked? In this article, we make you aware of some of the attacks carried out by hackers on Facebook and how you can prevent them by knowing where and when the cybercriminals can strike.

Hack Facebook Account Password By Phishing

Phishing is one of the most popular attack routes used by attackers for hacking Facebook accounts. While there are many methods of carrying out a phishing attack, a cloned, very real-looking Facebook login page is the most used method. Cybercriminals create a fake login page that looks so similar to the original Facebook page that even seasoned Internet users are fooled into believing it is real. The victim’s “Email Address” and “Password” are stored in a text file the moment the victim logs in through the fake page. The hacker then downloads the text file and is able to view the victim’s credentials.

How To Avoid Phishing Attacks

  • Never log into your Facebook account on other devices
  • Avoid emails that ask you to log into your Facebook account
  • Always use Chrome, as it identifies the phishing page
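A cloned login page can copy everything except the address it is served from, so the host in the link is the one thing worth checking. The following is an added example, not part of the original article: it checks the host of a link that claims to be a Facebook login. The trusted-domain list and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains the reader treats as genuine login hosts.
TRUSTED_DOMAINS = ("facebook.com", "messenger.com")

# Constructed sample links (reserved .example names, not real phishing sites).
SAMPLE_URLS = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "https://facebook.com.account-verify.example/login",
    "https://facebook.com@login.example/index",
    "https://xn--fcebook-8va.example/login",
]

def check_login_url(url):
    """Return (trusted, reason) for a link that claims to be a Facebook login page."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False, "not https"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False, "no host"
    if parts.username is not None:
        # Text before '@' is login data, not the site; the real host follows it.
        return False, "userinfo hides the real host"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode label, possible look-alike characters"
    for domain in TRUSTED_DOMAINS:
        # Match the domain itself or a true subdomain, never a mere prefix.
        if host == domain or host.endswith("." + domain):
            return True, "trusted domain"
    return False, "host is not a trusted domain"

def audit(urls):
    """Map each URL to its (trusted, reason) verdict."""
    return {u: check_login_url(u) for u in urls}

if __name__ == "__main__":
    for url, (ok, reason) in audit(SAMPLE_URLS).items():
        print("OK  " if ok else "FLAG", url, "-", reason)
```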

Saved Passwords From Browser

Whenever you log into a new website, the browser always asks to save the username and password on the computer, making it easy for hackers to hack your password. You can visit this URL to see the usernames and passwords you saved in your browser:


Tips To Protect Yourself

  • Never save login credentials on your browser.
  • Always use a strong password on your computer.

Email ID Hacking

One of the old-time favorites amongst cybercriminals for hacking a Facebook account is email ID hacking. All the hacker needs to do is access the email ID connected to a Facebook account and manually reset the Facebook password. The best way to protect yourself against this kind of attack is to enable two-factor authentication.

Tips To Protect Yourself

  • Use strong passwords for your email account
  • Enable 2-step authentication in your Gmail account
  • Never enter your email account on unnecessary sites

Mobile Phone Hacking

Smartphones have made it easy for Facebook users to access their accounts through their devices. If a hacker can gain access to the victim’s mobile phone, the hacker has access to the victim’s Facebook account. While several mobile spying programs are used to monitor mobile phones, the most popular are Spy Phone Gold and Mobile Spy.

Tips To Protect Yourself

  • Use a trustworthy mobile security and Antivirus program on your mobile phone
  • Never install apps from unknown sources
  • Uninstall suspicious apps as soon as you notice them

Viewing Masked Passwords

Any hacker can view your masked passwords (****) if your browser has saved your Facebook login credentials. All the hacker needs to do is make some changes using Inspect Element in your browser. Therefore, never leave your PC unattended while it is on the signup page. It is recommended that you never save your Facebook or other login credentials in your browser.

Session Hijacking

If you are accessing Facebook on an HTTP (non-secure) connection, a hacker can initiate session hijacking to steal your Facebook data. In a session hijacking attack, the hacker steals the victim’s browser cookie, which the website uses to validate the user, and uses it to access the victim’s account. Session hijacking is extensively used on LAN and Wi-Fi connections.
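On the server side, the cookie attributes and the HSTS header decide whether a session cookie can ever travel over plain HTTP. The following is an added example, not part of the original article: it audits a set of response headers for those protections. The header values and cookie names are constructed for a hypothetical site.

```python
# Constructed sample response headers for a hypothetical site (not captured traffic).
SAMPLE_HEADERS = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "legacy_sid=def456; Path=/"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure"),
]

def cookie_attributes(value):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    pieces = [p.strip() for p in value.split(";") if p.strip()]
    if not pieces:
        return "", set()
    name = pieces[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in pieces[1:]}
    return name, attrs

def audit_response(headers):
    """List weaknesses that expose session cookies to a network observer or page script."""
    findings = []
    header_names = {key.lower() for key, _ in headers}
    if "strict-transport-security" not in header_names:
        # Without HSTS the browser may still attempt a plain HTTP request first.
        findings.append("no HSTS header: browser may still try plain HTTP")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = cookie_attributes(value)
        if "secure" not in attrs:
            findings.append(name + ": missing Secure, cookie is also sent over plain HTTP")
        if "httponly" not in attrs:
            findings.append(name + ": missing HttpOnly, cookie is readable by page scripts")
    return findings

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_HEADERS):
        print(finding)
```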

USB Hacking

An attacker who has physical access to your computer can simply insert a USB device pre-installed with keylogger malware, which can steal any and all of the information stored on your computer.

How To Protect Yourself

  • Insert only trusted USB devices into your computer
  • Scan USB devices once you have plugged them in
  • Don’t purchase second-hand USB devices

Social Engineering

If you are using simple passwords like your mobile number, date of birth, etc., even a noob hacker can guess the password, hack into your account and collect your personal information.

Tips To Protect Yourself

  • Never share your personal information via email, phone, chat messenger
  • To avoid the risk of baiting, block USB devices
  • Avoid links from suspicious or unknown sites

Hacking Wi-Fi Network

Cybercriminals can target your Wi-Fi router if you are still using the default Wi-Fi router credentials or have set an easy password. Once they are in your Wi-Fi network, pretty much all the information that you transmit over the Internet is accessible to hackers.

Tips To Protect Yourself

  • Don’t use free Wi-Fi or public Wi-Fi
  • Change your Wi-Fi password on a regular basis
  • If you are using public Wi-Fi, always use VPN (virtual private network)


Leaving your computer unattended while logged into your Facebook account is one of the biggest mistakes most people make, as it can give hackers easy access. Therefore, ensure that you log out of your Facebook account every time you log in.

For more see:

OODA LLC – Technology Due Diligence – CTO as a service – CISO as a Service