How Does Facebook Phishing Work?

Phishing is a type of hacking attack that attempts to trick victims into providing sensitive information such as usernames, passwords, emails themselves.

When it comes to Facebook, hackers will create a web page or app that looks exactly the same as the official Facebook, and try to trick the victim into logging in on the fake one. This will give hackers the log in credentials.

There are many possibilities, but usually, hackers will send a message to the victim from a trusted source, linking to some content of the victim's interest.

Unaware victims that open the malicious link, will usually be greeted with a message saying that they've been logged out and/or that they need to log in to see the content.

After they "log in", their username and password will be stolen by the hacker, and they will be redirected to a page that will make sure that they remain unaware of what happened.

Since the introduction of SSL, phishing attempts can be easily recognized and prevented by examining the URL and the certificate of the page the user is on. Always make sure that you are actually using the real website before logging in.