How to steal Facebook accounts

Our Facebook profiles now contain invaluable information: personal data, photos, contact details and personal interests. It would be a real drama to lose everything or, even worse, to have your account stolen, and that is why I receive so many requests on the subject every day.

In fact, many people ask me for information on how to steal Facebook accounts, in order to learn more about the techniques used by cybercriminals and how to defend against them. Well, today I decided to comply with these requests and shed some light on the subject, so “raise your antennas” and find out how to defend yourself from malicious people who, in one way or another, could take over your Facebook profile. I assure you that it is not so difficult: a minimum of common sense is enough.

Just a small clarification before starting: the information in this article is for illustrative purposes only. Therefore, I do not take any responsibility for the potential misuse that could be made of it. That said, I’d say we can get down to business. Happy reading and good luck for everything!

Techniques for stealing a Facebook account

First of all, let’s look at some of the main techniques cybercriminals use to steal a Facebook account: by knowing them, you will be more aware and will know how to defend yourself against them.

Social engineering

The first technique I would like to warn you about is so-called social engineering, which usually does not require any particular computer tools. What’s that? Do you think it is impossible to steal a Facebook account without programs or other advanced tools? You are very wrong.

Social engineering works like this: usually, the attacker approaches the potential victim and, with an excuse, convinces them to lend him their smartphone or computer. If the victim agrees, the cybercriminal carries out his plan: pretending to need the device for something urgent (for example, contacting a distant relative), he uses it to view the victim’s information, including what is contained in their Facebook account.

In other cases, he could take advantage of the opportunity to install spy software and control the device remotely, without the user noticing. Falling into this trap is really simple, but it’s just as simple to defend yourself: just don’t lend your smartphone or PC to people you don’t know and, if you have the habit of leaving the device unattended, protect it with a secure unlock code.


Phishing is another hacking technique (also part of social engineering) that you would do well to watch out for. It works like this: cybercriminals send the user an email or an SMS containing a link, which leads to a web page asking for a Facebook password reset for “security” reasons.

Since the page the user sees could look just like Facebook’s, the user could fall into the trap and unwittingly hand over the “keys” to their account to the bad guys.

Defending yourself against phishing is simple: just ignore any suspicious links you receive via email or SMS. Remember that Facebook never asks to reset login credentials on its own initiative.
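What "suspicious" means for a link can be checked mechanically. The following is an added example, not part of the original article: it parses a link and accepts it only if the real host belongs to a trusted domain. The trusted-domain list, the function name and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain treated as Facebook's own.
TRUSTED_DOMAINS = ("facebook.com",)

def check_link(url):
    """Classify a link received by e-mail or SMS; returns (verdict, reason)."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ("reject", "no host in link")
    # Exact match or dot-separated subdomain only: a host that merely ends
    # in the letters "facebook.com" does not pass.
    owned = any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)
    if owned and parts.scheme == "https" and parts.username is None:
        return ("ok", "host belongs to a trusted domain")
    if owned:
        return ("reject", "trusted domain but not a plain https link")
    if parts.username is not None:
        # Everything before '@' is user info, not the site being visited.
        return ("reject", "text before '@' is not the host; real host is " + host)
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("reject", "punycode host may render as look-alike letters")
    if "facebook" in host:
        return ("reject", "brand name inside an unrelated domain: " + host)
    return ("reject", "unrelated host: " + host)

# Constructed sample links (reserved .example names, not real sites).
SAMPLES = [
    "https://www.facebook.com/login/",
    "https://facebook.com.account-check.example/reset",
    "https://www.facebook.com@login.example/reset",
    "http://www.facebook.com/",
    "https://xn--constructed-label.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link))
```
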

Keylogger and spy app

A keylogger is one of the tools used by cybercriminals to steal information and accounts, including Facebook accounts. If you have never heard of it, it is software, invisible to the user, that records everything typed on the keyboard of the device in use and often sends the collected information remotely, that is, over the Internet, to people who do not have physical access to the computer. Alternatively, it can keep all the data locally, waiting for the attacker to come and retrieve it.

To better understand how keyloggers work and how easy it is to use them (at least locally), I suggest you read my guide on how to hack Facebook where I have explained it to you.

To defend yourself against these types of threats, always keep your antivirus updated and use one of the anti-keylogger solutions that I recommended in my articles on how to understand if your PC is being spied on and how to eliminate keyloggers.

On smartphones, pay attention to spy apps. As their name suggests, these are applications that spy on everything done on the device they control: the text typed, the calls made and the chats; they can even allow remote access to the device’s microphone and camera.

Do you suspect that these apps may be on your smartphone or tablet? In this case, try to follow the instructions I gave you in the guide where I explain how to identify and delete spy software from your mobile.

I also recommend that you beware of apps that appear to be designed for noble purposes, such as parental control and anti-theft apps, which could be misused by nosy relatives and friends to spy on you. I have already shown you how some of them work in my guide on how to spy on Android.

Attacks on browser databases

Do you usually save the passwords for your social profiles, including Facebook, in the browser database? Bad, very bad! Through attacks on browser databases, cybercriminals can easily steal the credentials of the most unwary users.

To defend yourself from this possible threat, do not save the passwords of your accounts in the browser: as I showed you in this other guide, recovering them is really very simple.

Instead, turn to dedicated password managers, such as the ones I told you about in my tutorial on how to manage passwords.

How not to get your Facebook account stolen

After discovering which hacking techniques are most used by cybercriminals to steal other people’s Facebook accounts, let’s see together how to defend against them and, therefore, how not to get your Facebook account stolen.

Use a secure password


Using a secure password is the least you can do to avoid having your Facebook account stolen. To be considered secure enough, a password must be at least 15-20 characters long and difficult to guess.

Furthermore, it is essential to use a different password for each account, change them frequently (if possible, at least once a month) and keep them in a safe place, perhaps a password manager, such as the very famous 1Password and LastPass, which I have told you about in depth in this other guide.

If you think your current Facebook password is insecure or if you haven’t changed it for a long time, I suggest you change it right away.

Enable login notifications

Another thing I suggest you do is activate login notifications on Facebook: by doing so, you will notice any unauthorized access to your account and you will be able to block cybercriminals in time. Here’s how to turn on the notifications in question.

  • From smartphones and tablets – log in to Facebook through its official app for Android and iOS, tap the (≡) button and go to Settings and privacy > Settings > Security and access > Receive alerts on unrecognized access. Then tap one of the proposed ways to receive alerts (e.g. Notifications, Messenger, E-mail, etc.), bearing in mind that you can activate more than one type of alert. Then select the Receive notifications option, tap the Save button and you’re done.
  • From computer – access Facebook from its main page (or from its application for Windows 10), click the (▾) button at the top right and, in the menu that opens, select Settings. On the next page, select Security and account on the left, click the Edit button under Receive alerts on unrecognized logins, check the options Receive notifications and Access alerts via SMS to the number [your mobile number] or Notification of access by e-mail to [your e-mail address] and, finally, click the Save changes button.

If a suspicious access is reported to you, immediately close all active Facebook sessions: to do so, go to the Where are you logged in section, on the same screen from which you activated login notifications, expand the menu in question and press Disconnect from all sessions. Immediately after that, reset your account password and report the incident to Facebook.

Enable two-factor authentication

Activating two-factor authentication is crucial to avoid getting your Facebook account stolen. Thanks to this security measure, to log in on a new device or a new browser it is not enough to enter the password of the Facebook account: you must also enter a second “disposable” key, received via SMS or generated via app. In this way, an attacker could “hack” your account only by physically gaining possession of your phone (assuming he also knows the main password of the profile).

If you have not yet activated two-factor authentication on your Facebook profile, do so immediately by following the instructions below.

  • From smartphones and tablets – log in to Facebook via the official social network app for Android or iOS, tap the (≡) button and go to Settings and privacy > Settings > Security and access > Use two-factor authentication. Then press the Start button, choose a method to protect your account (Authentication App or Text Message), press the Continue button and follow the instructions that appear on the screen to complete the procedure.
  • From computer – access Facebook from its main page (or from its application for Windows 10), click the (▾) button at the top right, then Settings in the menu that opens, and press Security and access on the left of the page that opens. Then click the Edit button next to Use two-factor authentication, then the Start button (below), select a method to protect your account (Authentication app or Text message), click the Go ahead button and follow the instructions given on the screen to complete the operation.

Do not connect to public Wi-Fi networks

Not connecting to public Wi-Fi networks is another measure that you would do well to put into practice if you want to prevent someone from stealing your Facebook account. In fact, public Wi-Fi networks are particularly vulnerable to cyber attacks and are often used by cybercriminals to “sniff” user data.

When you are away from home, therefore, connect to Facebook using your operator’s data connection and you will avoid unnecessary risks.

How to recover a stolen Facebook account

Did you not follow the instructions given above and, unfortunately, your Facebook account was stolen? I am very sorry for what happened to you. In any case, do not lose heart and try to recover it through the procedure provided by the service.

If you want to know more, you can consult the guide in which I explain in detail how to recover the stolen Facebook account: I hope it will be useful to remedy the situation.