Phishing for Social Media & Other Account Passwords (Update 2021)
If you read this article, you can see how phishing techniques can be used to crack passwords from email programs like Facebook Messenger or iMessage on iOS to read your chats.
It’s your friend Frankie again – this time I’m talking about the oldest and most common method of Internet commerce: Phishing.
Phishing is used to steal credit card numbers and hack into confidential Facebook or iMessage messages and chats.
If you give me a minute, I’ll give you a brief explanation of how this system works.
First of all, I must remind you that espionage or hacking into someone else’s account is a crime punishable by strict laws almost anywhere in the world. I do not approve of this behavior and I am not responsible for your actions. This manual is for information purposes only.
Here we go.
What is Phishing?
This is a form of fraudulent behaviour aimed at stealing sensitive information such as credit card numbers, account passwords and other sensitive data.
That’s how it works:
You will receive a fake email with legitimate images and logos from a brand you trust, such as Instagram, Facebook or your bank. In this e-mail or on the linked website you will be asked to enter personal data, such as your login name or credit card number.
Of course, this official form does not lead to the target, but your references are sent manually to the thief’s database.
You can read this guide for several reasons. For example, for parents who want to access their children’s social media accounts to protect them from online threats, for spouses of people suspected of fraud, or to protect themselves and their data after becoming victims of phishing scams.
No judgment here, these are all perfectly reasonable reasons. However, you should be aware that the information I provide is for general information purposes only – phishing is a criminal offence.
In short, I take no responsibility for the decisions you make with the information you receive.
What’s more, the people investigating the scam will be able to find you based on the clues that were left behind when the scam started.
However, I have created this guide so that you have a complete guide that gives you all the details so you can :
- Create a fake email sent from a social network (Facebook in the example).
- Create a page similar to the Facebook login screen.
- Access your database to retrieve your password
Or you can:
- Learn how to protect your account against such attacks.
Moreover, Sun Tzu (a famous Japanese writer) says in his book The Art of War :
If you know your enemy, you have a better chance of defending yourself.
Now that we’ve eliminated that problem, let’s move on to what you need to know.
Obtaining the certificates (Facebook, Instagram, etc.) using Phishing techniques
NECESSARY :
- Computer
- Above-average computer skills
- You have the possibility to use and create a new e-mail address.
- Basic knowledge of HTML and programming language
- Understand you’re committing a crime using your phishing tactics.
If you meet these conditions or if you are happy with them, then you have come to the right place to continue reading.
This technology gives you access to Google, Gmail, Instagram, Outlook, Facebook and other social networks and accounts.
To simplify the instructions (and give an example that you can recognize), we can apply the phishing technique to Facebook.
No, miss: An effective way to hack into a Facebook account.
1. Creating a fake email account
One of the first steps is to create a fake email account from which you can send a message to the victim, so take the time to create one.
Personally, I advise you not to use traditional options such as Gmail, Outlook and Yahoo.
Think about it: Has Facebook ALWAYS sent you an email ending at @gmail.com? No, I didn’t.
Ideally, you would like to buy a domain that is similar to, for example, Facebook. B. FacebookCommunication or FacebookAlerts. This will cost you money (usually 20 dollars).
Most email vendors do not want to allow the use of the trademarks of companies such as Instagram, Facebook and other similar organizations.
Choosing an alternative may also be an option, such as B. the less popular Yandex.
It is now time to type the text that will be sent with the e-mail. Below are some examples that you can personally copy, paste and change when it suits you.
Example 1
Dear Facebook user, During recent account checks we could not verify your data. In accordance with Facebook rules and regulations, which you agreed to when you signed up for our service, we need to verify your real information. All you have to do is log in and fill in the form that we will provide you with. Otherwise, we’ll have to close your account.
Example 2
Dear Facebook users, we have changed our privacy and usage policy. Log in to Facebook to accept the new terms and conditions. Failure to do so may result in deletion or suspension of your account.
Once you have created a fake email address and constructed the text of the message, you must proceed to the most difficult part: creating your phishing page. This page should look like the Facebook login page.
2. Create your own detailed Facebook login page
Before you can create your site, you need a web host. Here you can create a phishing page.
Free hosting services are always my first choice, and they are numerous (e.g. 000webhost.com, freehosting.com, etc.).
- Choose one and log in. Just follow the procedure to create a new site.
- You can then download and extract this file (FilePhishing.rar). I made it myself to speed up your process. This is the HTML code used to copy the exact Facebook login page.
- Access to the list of files on the site – usually from the file manager (the wording may vary slightly depending on the host).
- Delete the .htaccess file and replace it with the file you downloaded two steps ago.
- To see the page you have, right-click on the Facebook file and click View.
- Now copy and paste the URL (link to page) into the email you created for your phishing attack.
If someone connects to a fake site, the data is saved and you get the jackpot!
3. Access to the database to view registration information
I bet you can’t wait to see if the plan works, can you?
To see them, just reconnect with the host and go to your website.
You can find a new log.txt file. If you right-click, you can click View and your Facebook data will appear.
I repeat, I take no responsibility for what you do.
Limitations of Phishing
Although you may be happy and would like to try this technique, I would like to temper your enthusiasm.
This approach has limitations, in particular with regard to finding information on access to data in a social network.
Let me show you something.
Limit 1 : Two-factor authentication may prevent you from trying to access your account with the data you receive. User account security is now commonplace and users receive an email alert for suspicious activity when an account is accessed (or attempted to access) from an unknown device. In these situations you run the risk of getting caught.
Limit 2: All the victim has to do is look at the URL when they reach your homepage to see that it’s not Facebook – the target may be suspicious.
Limit 3: They may end up in your junk mail folder, because modern email providers can often filter out messages with false links.
Limit 4 : Because it is an old technique, it is easy to recognize, even for those who have been online for years. It’s harder than you think to lure the victim into that trap.
Limit 5 : Modern web hosting programs can recognize the HTML page code as the file you upload and do not allow you to publish it.
Limit 6: If you are reported for your fraudulent activities, this can have serious consequences.
SUMMARY :
- Usability : 2/10 – You should have a good understanding of HTML code, know how to create and manage new email addresses and have above average computer skills.
- The risk of getting caught: 8/10 – It’s easier than ever to catch anglers using phishing systems thanks to new alerts and alerts that appear when phishing is detected or suspected.
- Transparency of information : 2/10 – Information is not available immediately or in real time. You know that your victim can completely ignore the email, be the victim of spam or just feel that there is something wrong with the email.
- Remote control is possible: No – you can’t work remotely with this information because you have to manually connect to the database you created to see if the victim has fallen into your trap or not.
Frankie’s take:
I wouldn’t advise you to try, because you’re more likely to get caught than not. It is also difficult to create a phishing page. This temporary challenge is not always solved, and when it occurs, you are not immediately aware of it.
Alternative to phishing
As you have seen, you may not be able to use the information collected if you purchase it.
Don’t despair! There is a solution.
A spyware program known as mSpy can help you in this area. Although there are different types of spyware, this is the best I’ve tried.
With this mSpy application you can spy on someone’s PC or smartphone.
It was originally designed to monitor your children’s activities to protect them from the darkness that lurks in the corners of the Internet. Of course, there are other applications, such as. For example, determining a partner’s loyalty or monitoring employee behavior on company electronic devices.
I have to remind you that whatever you’re planning, it’s still a crime.
With this in mind, let’s look at the software and what it can do.
You can expect this program to intercept messages on WhatsApp or Facebook or even monitor incoming and outgoing calls.
It is also a simple solution for the two-factor authentication used by popular social networks.
The main features of this application are the following:
- SMS espionage
- Access to social media activities (Facebook, Instagram, Tinder, etc.)
- Read new conversations on WhatsApp and Messenger
- Real-time GPS tracking (tracking movements)
- View incoming and outgoing calls
- Viewing photos and videos on your device
- Reading and retrieving e-mails
- To find out more about all the other features and how they work, click here.
You want more reasons to give the program a chance? You have access to technical support 24 hours a day, 7 days a week. This includes the installation steps and the problems that may occur while using the program.
For an annual subscription you will receive about $12 per month. He has a 98% satisfaction rate with the evaluations – personally I would rate him 100%.
It’s an interesting feeling to be able to follow the activity of a smartphone. You can read their conversations in almost any program – so you know who the target is communicating with and you can track the conversations.
No one can keep a secret from you.
It may seem like you’ve found a complete solution to your problem, but there’s one drawback: you must have access to the target smartphone or PC.
One of the limitations of using mSpy is the need for physical access to the device on which you collect the data, and this only once.
This was not always the case, but as with all spyware applications, new security updates have made it impossible to install mSpy remotely.
But let me meet you halfway, because I took the time to write this guide and help you solve your problems.
In case you don’t know how to get a mobile device from a victim, I made a video describing three infallible ways to get to the phone without arousing suspicion.
If you want to spy on someone who lives in another city or country, you cannot spy on their mobile device unless you physically reach them by visiting them. You could always hire a private investigator.
Okay, Frankie, how’s the mobile device monitoring app?
After the successful installation of the application, mSpy stores the device data and sends it to a secure server. From there, you can access your account at any time using any device connected to the Internet.
The person you’re stalking doesn’t know any of their phone’s applications because they work in stealth mode without being noticed.
PROS and CONS :
✅ Free assistance 24 hours a day
✅ 100% safe and reliable
✅ Complete (spies on all most common applications, calls, and tracks movements).
✅ Affordable ($12 per month for an annual subscription).
❌ They need physical access to the victim’s mobile phone or PC.
You can try the demo and request the discount by clicking here.
You probably have a lot of questions for me.
Let me do my best to read your mind and help you push some of your concerns away.
Does the victim know that mSpy is installed on his phone or computer?
Certainly not! Both the smartphone application and the PC software are completely invisible. They leave no trace, making them impossible to target.
Can you find a free keylogging program?
Yes, that’s possible, but I’m not sure I would advise anyone to entrust their relationship to free software that offers no guarantees.
How much does this program cost?
Prices range from $12 to $70 depending on the package chosen.
Is it easy to install and use?
Yes, installation is quick and easy, and checking the information is even easier. You have a dashboard where you can follow everything that happens on the device in real time.
Can I use it on any device?
mSpy can be used on any device.
How long does it take to get results?
You can start retrieving information immediately after installation.
SUMMARY :
- Usability : 9/10 – You don’t need to know anything about computers, and you can get 24/7 help from customer service with a video tutorial if installation is difficult.
- The risk of getting caught: 1/10 – This spyware sets the bar very high – it cannot be detected on the target device.
- Transparency of information : 10/10 – You can start receiving information immediately after installing this software on your target device.
- Remote control is possible: 10/10 – You can monitor the device even if it is no longer in the country (after installing the software).
Frankie’s take:
Remember that this software only works if it is physically installed on the receiver’s phone or computer. He can start sniffing right away, and if you need information quickly, this is the procedure for you.
I promised you a viable alternative to phishing, and I kept my word.
Speaking of phishing: Let’s come back to this topic so you can learn important lessons to protect yourself.
Phishing protection
Something to be etched into your brain, something you can use as an Internet mantra: No one can protect your data better than you.
You should take the time to protect the information in your devices. This means that one knows where they are stored and used, and that one enters them as little as possible.
E-mails and phishing messages always have a red flag to encourage you to act without thinking. B : If you don’t answer, your account will be closed after 48 hours.
I have put together a small but very comprehensive guide so as not to fall into a trap.
- You should always check both the link in the email and the sender’s address before clicking on a link outside the message. It is often best to copy the link and paste it into the address bar.
- Before clicking on a link, try to verify the origin and path. If you use a computer, when you hover the mouse over the link, you can get real information on the subject of the link.
- As a general rule, you should follow the rules of conduct on the Internet when using secure connections that can be verified and secured. Public Wi-Fi hotspots can be a hotbed of trouble.
- First check that the connection is HTTPS. The first time you open the page, by checking your domain name, you can avoid making a costly mistake by entering information you shouldn’t have. These factors are very important on websites that contain sensitive information, such as B. Your online banking, online shopping, social media connections, etc.
- You may never share your personal information with a third party. Official companies will never ask you for confidential information or proof of identity via your e-mail.
I’ve tried to give you a complete overview of phishing and some ways to protect yourself. If you have any questions or comments, you can post them below.
Thank you so much!
PS – I have something very interesting that can be very useful for you: the best methods (tested by me) to access someone’s Instagram account and read DM messages.
Related Tags:
phishing social media examples,social phishing,phishing attack,clone phishing,social media phishing statistics,social networking sites are safe from phishing true or false,spear phishing,social media phishing tools,whaling phishing,what is sms and mobile phishing