
Saturday, 29 June 2013

Get the password of any Facebook account.

An attacker creates three or four fake Facebook accounts and sends friend requests
to his victim from all of them. He already knows the victim's parent email address
(the one the victim used to sign up for Facebook). After the victim confirms all of these
accounts, the attacker logs out and enters the victim's email in the "Email" field. After
absurd passwords are typed in again and again, Facebook shows a "Reset my password" option.

The recovery flow then asks whether to send the password reset code to the victim's parent email
address or to his cell phone number. Alongside these choices there is an option labelled "No longer have access to these?".

Clicking on this option asks the attacker to enter a new Email Address.


In this section, the attacker types his own email address and hits the Submit button. Facebook's
automated systems first have to confirm whether this is really his own email address, so they ask him
to choose three close friends who will receive the confirmation codes in their inboxes.

These three accounts are actually his fake accounts.

Facebook now shows three boxes asking for the confirmation codes that were sent to his fake accounts.

The attacker now logs in to each fake account, fetches the codes, pastes them into the boxes, and gets access to his victim's account.
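The flow above works because the contacts asked to vouch are accounts befriended shortly before the recovery request. The following is an added example, not part of the original post and not Facebook's code: a server-side eligibility check that refuses friend-based recovery unless enough of the selected contacts are long-standing. The `Contact` type, both thresholds, and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical thresholds, chosen for illustration only.
MIN_FRIENDSHIP_AGE = timedelta(days=180)
MIN_ACCOUNT_AGE = timedelta(days=365)

@dataclass(frozen=True)
class Contact:
    name: str
    account_created: datetime
    friended_at: datetime

def contact_rejections(contacts, requested_at):
    """Map each unfit contact to the reasons it may not vouch for a recovery."""
    rejected = {}
    for c in contacts:
        reasons = []
        if requested_at - c.friended_at < MIN_FRIENDSHIP_AGE:
            reasons.append("friendship too recent")
        if requested_at - c.account_created < MIN_ACCOUNT_AGE:
            reasons.append("account too new")
        if reasons:
            rejected[c.name] = reasons
    return rejected

def allow_friend_recovery(contacts, requested_at, required=3):
    """Allow the friend-code flow only if `required` contacts pass every check."""
    eligible = len(contacts) - len(contact_rejections(contacts, requested_at))
    return eligible >= required

# Constructed sample data: a recovery request made on the post's date.
NOW = datetime(2013, 6, 29)
FAKES = [Contact(f"fake{i}", datetime(2013, 6, 1), datetime(2013, 6, 10))
         for i in (1, 2, 3)]
LONGTIME = [Contact(f"friend{i}", datetime(2009, 3, 1), datetime(2010, 5, 1))
            for i in (1, 2, 3)]

if __name__ == "__main__":
    print(allow_friend_recovery(FAKES, NOW), contact_rejections(FAKES, NOW))
    print(allow_friend_recovery(LONGTIME, NOW))
```

The rejection reasons are returned per contact so they can be logged as a signal on the recovery attempt, in addition to blocking it.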
