The Terrifying Ease of Hacking a Facebook Account


hen you hear stories of a business or marketer getting their Facebook account hacked, you assume they were unlucky and that this sort of thing will never affect your own accounts. Unfortunately, the statistics regarding ad account hackings are getting scarier, and it seems hackers are developing more methods of achieving the same goal. 

In this guide, we’re going to dig into the dark side of the web and explain some of the ways that hackers gain access to a Facebook account. This might scare some people, so we’ll also finish each section with advice for securing your Facebook account and what actions you can take to prevent this.

1. Password Cracking 

When we think of hackers, we tend to think password cracking. While there are a variety of ways hackers use to crack passwords, here are a few simple and common ones they use that you should be aware of. 

  • Brute force - A brute force attack is any attack where a hacker is guessing passwords to access a system.  A simple brute force attack would be a hacker continually trying to guess your password based off of a combination of interests in your life. For example, the name of your significant other and year you were born.

  • Dictionary attack -  Another form of brute force attack is a dictionary attack. This is where a hacker runs your password with a list of common words and passwords. Downloading a list of commonly used passwords is as simple as a Google search. Hackers can run these against yours, and if it’s on the list, they’re in.

  • Security Questions - Most platforms (including Facebook) have an added layer of protection by having you select and answer a question in case you forget your current password and need to reset it. The issue here is that most people tend to overshare, online and in person. What was the name of your first pet? Well a simple #TBT post reminiscing the days of your good ole dog Max contains the answer. With this information, hackers do not even need your password, they can bypass it and create a new one. 

Protecting Your Account - The first step is to ensure that you avoid weak and common passwords. In other words, it might seem cute to have your password as your partner’s name or a combination of your names, but it’s inept as far as security goes. Be sure to also use a unique password for each platform you create an account with. If one site that you have reused a password with gets hacked and a list of user passwords gets out, that means that all of your accounts with that password are now vulnerable! If you have trouble remembering which password goes with which platform, consider downloading a password manager. Additionally, use a security question that only YOU will know the answer to. 

2. Keylogger 

A keylogger is malware software attached to a keyboard that tracks everything typed. Over time, this technique is becoming more reliable and more successful (although we hate to say it!). Through this software, hackers can gain access to credit card information, email accounts, social media passwords (like a Facebook account), and more. 

How do they get the software onto your device? There are a few methods: 

  • Drive-by downloads (by infecting a website) 
  • Phishing emails
  • Infected link or pop-up 

Protecting Your Account - As time goes on, clever hackers are designing keyloggers that aren’t seen in the task manager of your device. Therefore, the best way to avoid this software is to be cautious online. Don’t click on questionable links, stick to reliable websites, and delete any emails you think are suspicious. 

You can also download security software that prevents a keylogger from activating on your device. Before it has a chance to get set up, the software will block the malware and you can count your lucky stars. 

3. Phishing 

Perhaps the biggest hacking technique for Facebook and the wider internet is right now phishing. 

By creating a duplicate of a popular website, scammers can entice people into the wrong version of the platform and steal passwords and other sensitive data. Even for some experienced internet users, it’s hard to tell the copy from the original. With Facebook, this is something that catches many users out every single year. For a business, they think they’re logging into their ad account only to find that it’s not the genuine Facebook platform at all. 

To make matters worse, hackers don’t need much knowledge or technology to get started. 

Protecting Your Account - To prevent becoming yet another victim to a phishing scam, it’s important to double-check the URL in the address bar before entering any personal details. Also, be wary of any emails sent from companies. If a company sends an email, don’t just click on the link without thinking. Especially with Facebook, any notifications will be accessible after logging in so go through your browser as opposed to clicking a link in an email. 

Additionally, you should see the padlock or green color to suggest a secure HTTPS in the address bar. If you don’t see either of these two things, click away from the website immediately. 

4. Wi-Fi Sniffers 

Ever been told to be careful what public WiFi you use when away from the home? Quite right, and this is because cybercriminals use so-called ‘WiFi sniffers’ to break into a network. Once inside, they see all data sent and received (this includes all passwords!). On top of this, they will skim addresses, card data, dates of birth, email addresses, messages, and emails. 

Protecting Your Account - First and foremost, ensure that your home Wi-Fi has a strong password. From here, you can check the encryption method and look for WPA2 as this is an updated and stronger version of WPA which uses AES encryption.

What about using public networks? Well, we advise only using a public connection if you are using a VPN  (virtual private network). If you can’t be sure who is connected to the network, don’t take the risk of using it without a barrier of protection. 

5. Browser Extension Hacking 

Next up, this is an interesting one because it provides the hacker with some control without accessing a full Facebook account. Normally through a malicious web page, you’ll be encouraged to download a browser add-on. Although it might seem innocent at the time, this add-on allows the hacker to perform certain actions. For example, this means joining Facebook groups, liking posts, posting to your wall, and more. While it might not lead to financial damage, it has the potential to damage your reputation as a business when a hacker is posting to your wall. 

Protecting Your Account - If on a third-party website, make sure you can trust the page and the service before downloading anything. Also, keep an eye on your Activity Log on Facebook. If you see something that you don’t recognize, report the problem to Facebook and delete any recent extensions. 

6. Shoulder Surfing 

So far, we’ve gone through all sorts of highly advanced and technical hacking methods, but we mustn’t forget where we came from. Surprisingly, shoulder surfing is still prominent in today’s society. Why would hackers go to all the effort of trying to trick people into downloading a file when they can look over the shoulders of internet users? Granted, this is a low-tech solution and a small-scale operation, but you still need to be aware because the consequences are just as serious as all the other threats on this list. 

Protecting Your Account - When in public, be aware while on your smartphone and try not to log into any important accounts. Also, like many years ago, we shouldn’t talk about vacations in public because this tells people when your property is empty. 

For iOS users, all passwords are automatically hidden. When on an Android device, you can turn this setting on; head into the Security settings, and uncheck the ‘Make Password Visible’ option. 

7. Browser Vulnerabilities 

Next up, many hackers take advantage of outdated web browsers and the security gaps that exist in these browsers. Over the years, we’ve seen plenty of security issues appear with web browsers, and the developers are forced to create fixes (which is why you’re asked to update the browser every so often). 

Protecting Your Account - At all times, make sure your web browser is completely up to date. Don’t just think that browser updates are all about new features and aesthetic changes, they often contain security improvements too. 

8. Trojan Horses 

As a malicious program, users think that the program will help them to achieve a goal while it actually just allows a hacker to control a computer and spy on actions. You might see malware Trojan referred to as remote keyloggers, but there are some differences between the two. Either way, the former can record keystrokes and other actions the device user performs. 

Unfortunately, Trojans can hide in seemingly legitimate documents online. For example, you might find them in an AVI media file or a PDF file. The reason they are still so prominent is that they’re contained within a website, email, pen drive, iPod, and many other documents and devices. 

Protecting Your Account - As we’ve said, don’t trust unknown sources and don’t download software when you don’t know the sender. Even if it’s a simple media file, stay away. At the same time, keep your anti-virus software up to date.