3 ways crooks steal your Facebook or Twitter password

ByCraig Haley

Keeping cyber crooks and hackers out of your online accounts is one of the most important facets of online security. And of course one of the most effective ways of keeping them out is by ensuring your passwords stay out of their hands.

Crooks are always looking for ways to open up your accounts, and once inside they can wreck all kinds of havoc. Here we list the three most popular ways crooks can obtain your password and access your accounts, so you can ensure that it doesn’t happen to you. As usual, awareness and understanding are key to make sure you don’t fall for any of these methods.

If you’re always wondering “how are hackers getting my password” then we recommend reading on.


Sponsored Content. Continued below...




1. Phishing

By far the most prolific password stealing method that tricks Facebook and Twitter users into handing over their passwords are phishing scams, which are usually conducted through email, SMS or online chat platforms including WhatsApp or Facebook Messenger.

The key to a successful phishing scam is tricking the victim into clicking a link in a message (be it an email, text or online message) that will lead to a spoof website asking the victim to login to their Facebook or Twitter account. The spoof site will look like the Facebook or Twitter login page, but it isn’t – it’s a fake site operated by cyber-crooks, and if the victim enters their username and password into the page, that sensitive information then gets transmitted to the crooks.

The email, text or message will usually contain a story designed specifically to lure the victim into clicking the link in the first place. We call these social engineering techniques. Examples can include asking the victim to click a link to
– confirm their identity.
– review or block suspicious activity.
– or to avoid having their account disabled.
– see content they are featured in.

Take a look at the below SMS example that threatens account suspension.

Such stories are designed to alarm or lure the victim into clicking a link that leads to the spoof website.

Don’t click on links in emails or messages but if you do, always checks the web address before entering any information. If you’re not sure, click away.


Sponsored Content. Continued below...




2. Data Breaches > Credential Stuffing

Companies suffer data breaches all the time. And with many of these breaches, customer data – including passwords and usernames – are leaked. And yes, this includes companies where you have an online account. There’s not much you can do about it – after all, you’re not in charge of the security of all the companies where you have an account.

Usually the company that suffered the data breach will force you to change your password immediately if this happens, to stop crooks from gaining access to that account. Crooks know this. But it doesn’t matter to them, because they’ll be using that leaked username & password data elsewhere. They know that many of us still reuse the same email and password combinations across different websites, so they’ll plug that leaked data into different websites – including Facebook and Twitter – looking for a match. It’s called credential stuffing.

With the rise of data breaches and information leaking online, credential stuffing has become one of the most well-used methods to gain access to online accounts.

The advice is simple here – don’t reuse the same passwords.


Sponsored Content. Continued below...




3. Malware

It is always possible that malware types – such as spyware and keyloggers – can record your Facebook or Twitter password as you enter it and send the information back to the crooks.

So if malware installed itself on your computer or if you use a shared computer with malware already installed, any keystroke you enter is recorded and you run the risk of compromising your passwords.

Have good antivirus installed at all times (our recommendations here) and run regular scans. Don’t login to your accounts on shared computers and follow good security habits to help you avoid malware (more information on that here.)

By the way… 2FA…

It’s worth noting that all three of these methods designed to steal your password won’t work if you enable 2FA, or two-factor authentication. Both Facebook and Twitter support 2FA, and it means a separate code is also needed to access your account. So if your password does fall into the wrong hands, the crooks still won’t have access to your account.

Keep up-to-date with all the latest cybersecurity threats and our tips to stay safe online. Follow us on Facebook, Instagram and Twitter.

Continued below...


Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)

Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)