'Hack Facebook' works great - on YOU, not your intended victim

Want to hack a friend's Facebook account?

That's exactly what the "Hacking Facebook" site* promises it can do for you.

Actually, though, it turns out that it's not so much that the site can hack for you, but it most certainly can do it to you.

Security researcher Joshua Long writes that he tracked down the site after getting spam flaunting its Facebook hacking services.

What it's really up to, he writes, is a spendy little scam that offers to let you watch a Real! Live! Facebook! Hack! ... which, if you want to continue with this supposed "hack," requires that you send two SMS text messages to a number for codes:

"In short, the site tricks wannabe hackers into sending texts to a premium SMS number (81073), which leads to charges on their next phone bill.

"The site may also collect login details that could later be used to try to hack into the would-be hacker's various online accounts (Facebook or otherwise), and of course once the spammers have your phone number they might also send you text message spam (or sell your number to other spammers)."

Long offers this rough translation of the promises made by Hack Facebook:

Our site offers recovery services for the social network Facebook, our tool ensures you to hack a facebook account without software assistance.

Hack-face uses the most advanced exploits as well as 5 methods of decryption, so it is possible in a few minutes to get the password for the targeted account. Instantly receive email logins on your choice so that you can get access.

The site mixes wording associated with legitimate security services with that of malicious hacking, Long notes, as it first offers "recovery services" for regaining account access (sounds benign, eh? Don't count on it, he says), then jumps to the promise of hacking an account "without software assistance" and using "the most advanced exploits" on top of "5 methods of decryption" to get a target's password.

Long says there's also a portion of the site that offers a "Facebook Penetration Testing Tool" that uses "new technologies such as the cloud and exploit kits" to "effortlessly" hack Facebook.

What a mess of duplicitous verbiage, Long muses:

"The term 'penetration testing' implies that the tool attempts to find security weaknesses in a system with permission from the owners or operators of that system.

"I think it's fairly obvious that Facebook does not want everyone in the world to be able to hack into everyone else's account."

Definitely read Long's full post for his hypothesis on how the site might be rigged to get your login details, on top of the premium text-messaging scam it's pulling.

Naked Security offers some tips on dealing with mobile SMS/text spam here and Long provides a list of instructions for how to opt out of receiving premium text messages or disputing charges for most US providers.

*No, sorry, I'm not including a link to this site. I love you too much to expose you to such peril. Besides, Long fuzzed out the URL.

Image of Facebook page and SMS scam courtesy of Shutterstock.

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.