Four months agone, I unmasked a Facebook "hacking" service called FBSniffing and how it really doesn't actually "hack" simply instead sign in users to a mobile service they never asked for.

In this post, I'll be talking nigh ii more than sites claiming to offer hacking services that target Facebook users. The sites are:

  • fbwand(dot)com
  • hackfbaccountlive(dot)com

fbwand(dot)com

fbwand dot com
click to enlarge

fbwand is a website created inside the get-go iv months of 2014. It claims to be a tool that can get into Facebook in iii easy steps.

FBWand uses the latest security holes in Facebook, then you tin get into your adulterous husbands [sic], annoying bosses [sic] or any other persons [sic] Facebook profile and read messages, upload pictures or exercise anything yous like. FBWand is super piece of cake to utilise. Password isn't inverse in the dandy process so the user in question won't detect anything. Besides the method nosotros apply is undetectable by Facebook and probably won't exist patched someday [sic] soon.
To proceeds access to your victims [sic] Email and Password, yous will exist required to get an authorization lawmaking from us through referring friends to FBWand.

The default page is sectioned in three parts: the top contains an interface where users can enter the Facebook nickname of the individual the assaulter wants to infiltrate, the middle contains a list of the supposed hacking tool's key features with user testimonials, and the lesser contains an FAQ section, which mentions activation codes, "twenty seconds"—the claimed length of time the site can crack into a Facebook account—and the rule forbidding attackers to provide made-up data when filling in survey questions.

On its ToS though, nosotros tin see it of a sudden doubling back, claiming that the domain at nowadays is just a tool that simulates Facebook business relationship neat.

FBWand ToS click to enlarge

Fortunately, fbwand is no longer online at this time of writing.

hackfbaccountlive(dot)com

The hackfbaccountlive default website click to enlarge 

We are currently the #1 site in the Internet to provide this service for complimentary and at amazing speeds and success rate. Don't  believe us? Run into how many like and share we have on Facebook and other social media and nosotros are ranked #1 on google.
You lot may wonder why people hack Facebook accounts? [sic] The answer is simple. In that location are various reason equally to why one would desire to hack another persons [sic] Facebook account. Parents might want to see what their kids are doing online to monitor them. A beau or girlfriend might want to see what their analogue is doing behind their dorsum. A hubby would want to cheque if his wife is faithful or vice versa. Today in the world of Cyberspace social media has become one of the most trending thing for people of every age. Many people share their deepest and darkest secrets, interests, hobbies, likes and dislikes with their friends. And this is the reason why people desire access to others [sic] account to know everything about them.
We provide you lot with the best Facebook hacker available in the internet for absolutely complimentary. Now yous can hack Facebook password of simply anyone you want. No more wasting time downloading Facebook password hacker or whatsoever other Facebook password cracker tools available in the internet. Almost of these tools are fake and contain virus. This is why nosotros offer you this 100% safe service to hack anyone on Facebook correct from website hacking panel. No plugin or absolutely no download  required. Go started now!

If you think that all these audio over-the-pinnacle, they probably are.

This domain was created within the same time frame asfbwand. Clicking the "Click here to outset hacking" push button leads to a page where users can supposedly enter the Facebook contour link of the business relationship they want hacked. From here, ane can also accept set admission to a "Members Console" department, where whoever is registered can enter his/her user proper noun and respective password to access results from the supposed hack. More on this in a few.

This slideshow requires JavaScript.

One starts off past inbound the profile URL of the Facebook user account (the target) he/she wants to hack. The site then makes him/her believe that an bodily hacking is ongoing, firstly, by retrieving and displaying specific information from Facebook's Graph Search, such as user ID, user proper noun, and a large version of the contour photo, to the page; and, secondly, by providing the attacker the progress of completion of each hacking endeavour. Below are screenshots of these attempts, starting time with purportedly fetching the target'due south e-mail ID:

This slideshow requires JavaScript.

Subsequently a successful "hack", the site informs the attacker that they accept created an account for them on the website, complete with a generated user proper noun and password, and that they accept to log in to their accounts to retrieve the target's Facebook account details. Just when it seems also easy, the aggressor sees this upon logging in:

click to enlarge

He/She is instructed to unlock the details in two ways. One is to share a generated referral link to their social networks (particularly Facebook and/or Twitter) in club to become xv visitors to click it. Below is a screenshot of the tweet the attacker is encouraged to use in sharing:

Tweet template
click to overstate

Doing a quick search on Twitter reveals these live tweets:

Twitter search results for sharesocial(dot)biz
click to enlarge

Second is to complete a survey by clicking a button, leading to a site called Download Files Fast.

This slideshow requires JavaScript.

Users are also beingness redirected tocommentpiraterfacebook(dot)org, a site in French, when they visit hackfbaccount(dot)com and they live in a state that speaks the language.

Although it's truthful that no website is perfectly secure one must not attempt to hack into them nor break into someone else'south online profile. These are illegal acts. Sites marketing themselves equally gratuitous, user-friendly hacking-as-a-service (HaaS) tool, such as those I mentioned here, generally takes advantage of user distrust against someone and profits on it, promising big but deliver zero in the end. Avoid them at all cost.

Jovi Umawing