Hacking Facebook accounts has been commonplace since the beginning of the Facebook era and is, of course, one of the preferred methods for implementing social engineering attacks. However, some of these scams are in fact just a small part of a much bigger online advertising pricing system, in which webmasters aim to get more money from their web traffic.
A webmaster is someone who is responsible for maintaining websites and their role often includes increasing traffic. Apart from that, an important purpose for many of them is to squeeze as much revenue as possible from the advertising space they sell. In order to achieve that, webmasters will strike deals which turn user actions, downloads, clicks and so on into valuable interactions.
The most dubious monetizing tools in Online Marketing
Given the vast scale of the internet and the potential millions of visitors, this can be a lucrative business. That’s why behind the scenes an extensive ad network infrastructure has developed. And today ad networks are essentially an intermediary between the advertisers and the website publishers.
Apart from providing their publishers with various advertising campaigns to choose from, some ad networks also offer aggressive and dubious monetizing tools. These include:
- URL and download lockers
- Content lockers
- Video lockers
- Geo-targeted offer walls
- Virtual reward tools – visitors are paid a certain amount of virtual currency in exchange for interacting with ongoing ad campaigns
- Exit traffic tools - these monetize the exit traffic by redirecting the users to ad pages when they try to leave the publisher’s website
Hacking Facebook account – how it’s done
Problems appear when the publishers or the ad networks attempt to deceive their website visitors. A relevant example is the enormous number of fake websites that offer the promise of hacking into Facebook accounts.
This ‘promise’ exploits the human urge to snoop, which is made all the more compelling by the anonymity under which the Facebook hack is achieved. And it’s not chosen randomly either: ad networks and publishers use it because it features high in searches and, as a result, increases their potential for luring visitors to their sites. In fact, these websites are typically created by publishers as part of an affiliate marketing strategy.
Victims are told that the hacking process is a simple one, which only needs the target account as input, while the resulting output (the password) is just one click away or in a downloadable text file. But when the user tries to get it, they are either redirected to a fake file hosting server (where the file download is locked through a cost-per-action (CPA) gateway) or the locking is done directly on the original website.
This kind of lock is in fact a script which generally greys out the website’s content (blocking access to it) and displays a pop-up window (called a modal window). Then, in order to unlock it, the victim has to interact with a group of ad campaigns found on the pop-up window. A widely used trick is not to show the real adware to the victims. Instead, they are redirected to unrelated automatically-generated survey/game pages which mislead them into unknowingly buying whatever the advertisers really have to offer.
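The lock described above leaves a recognisable shape in the page markup: a full-viewport layer that greys out the content, plus a pop-up holding a group of links to third-party offer hosts. The following triage heuristic is an added example, not code from the original article; the class and function names, the z-index threshold, the `.example` hosts and the sample markup are all assumptions made for illustration. It only reads inline styles in well-formed HTML, so for lockers that apply their styles from script or external CSS it would need to run on the rendered DOM instead.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
VOID = {"br", "hr", "img", "input", "link", "meta"}  # tags with no end tag

def inline_css(attrs):  # inline style attribute -> {property: value}
    style = dict(attrs).get("style") or ""
    pairs = (d.split(":", 1) for d in style.split(";") if ":" in d)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

class LockerScan(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.depth = page_host, 0
        self.layer_depth = None    # depth where the current top layer opened
        self.backdrop = False      # saw a full-viewport layer over the content
        self.offer_hosts = set()   # off-site link hosts found inside a top layer

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            self.depth += 1
        css = inline_css(attrs)
        z = css.get("z-index", "")
        if css.get("position") == "fixed" and z.isdigit() and int(z) >= 1000:
            if css.get("width") == "100%" and css.get("height") == "100%":
                self.backdrop = True
            if self.layer_depth is None:
                self.layer_depth = self.depth
        if tag == "a" and self.layer_depth is not None:
            host = urlparse(dict(attrs).get("href") or "").hostname
            if host and host != self.page_host:
                self.offer_hosts.add(host)

    def handle_endtag(self, tag):
        if tag not in VOID:
            if self.depth == self.layer_depth:
                self.layer_depth = None   # left the top layer
            self.depth -= 1

def looks_like_locker(html, page_host, min_offers=2):
    """True if the page has a greyed-out backdrop plus a group of off-site offers."""
    scan = LockerScan(page_host)
    scan.feed(html)
    return scan.backdrop and len(scan.offer_hosts) >= min_offers

# Constructed sample: a backdrop and a pop-up listing two third-party "offers".
LOCKED = ('<div style="position:fixed;width:100%;height:100%;z-index:9998"></div>'
          '<div style="position:fixed;top:20%;z-index:9999"><p>Complete an offer</p>'
          '<a href="https://offers-a.example/s">Survey</a>'
          '<a href="https://offers-b.example/g">Game</a></div>')
```

A cookie banner or an ordinary same-site dialog does not trip the check, because it lacks either the full-viewport backdrop or the group of off-site links.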
Apart from the subject of interest (in this case, hacking Facebook accounts), ill-intentioned publishers also take advantage of other subterfuges:
- Fake postings on various social platforms, which try to convince the users of the website’s popularity and credibility. In fact, this is a common-practice social engineering technique used by rogue ad networks. Don’t be fooled. If you see that a great number of people have shared this, then be sure that it isn’t true: they’ve either been deceived or the posting figures have somehow been manipulated.
- False reinforcement from various antivirus vendors that the generated output file which contains the password of the hacked account is clean.
- False reinforcement that the Facebook hacking website has been verified by a trustworthy entity.
- Fake testimonials from well-known magazines or from satisfied users.
- Fake examples of already hacked accounts.
- Fake YouTube videos promoting these websites. If a website or a software application is promoted via a YouTube video, it doesn’t necessarily mean that it is not malware. In fact, you are strongly advised to take into consideration that YouTube is often used as a social engineering method.
- Most of the time, a set of fake, complicated steps is simulated for the hacking process in order to make the users believe that they are actually going to get the password.
- Some publishers’ websites use an even more compelling approach to make the victim interact with the rogue ad groups: they state that the ads have only one purpose, which is to verify that the user is human and not an automated bot of some sort.
Examples of scamming websites that use cost-per-action:
In summary, a great number of publishers are financially motivated into scamming as many people as possible. One of the consequences is that they will always try to take advantage of viral topics of interest, such as hacking Facebook accounts, in order to increase their website traffic and to get better payment for the actions generated by the victims.
You should always be careful when interacting with these kinds of online marketing systems. And last, but not least, you should have BullGuard installed. It will be of great assistance in helping you avoid getting conned by such maneuvers.