An ideal use of Facebook would be to accept as friends only the people we know, but we all know that everyone adds everyone. To verify this, all you have to do is create a fake profile, put an attractive photo on it and start adding people: in a short time that fake profile will have hundreds of friends.
With this in mind, I hope that what I describe below will raise awareness about accepting friend requests. Why? Because if an attacker creates 3 fake profiles and adds you, they can change your Facebook password and gain easy access to your profile.
How can they change the password on Facebook?
I'm not going to publish a step-by-step tutorial; the idea of the post is simply to describe it, so that we keep it in mind in case it ever happens to us. Also, anyone who uses it to do bad things, even as a joke, should keep in mind that they will be committing a crime, and in some countries they can go to jail.
When a password recovery process is started, as if the password had been forgotten, for security reasons Facebook will try to verify the identity of the person trying to recover the password. One of the steps is as follows:
As you can see in the screenshot, one way to recover the password is through 3 trusted friends. How does it work? You simply select 3 friends from the contact list, each of them receives a secret code, and with those codes (which we must ask them for) Facebook allows us to change the password.
Now, going back to what I said at the beginning: if an attacker creates 3 fake profiles and we add them as friends, they could start the password recovery process and select their 3 fake accounts as trusted friends.
In this way they will receive the 3 codes necessary to change the password of our profile.
Is it that easy?
Yes, but Facebook has some measures that try to counteract this. One of them is that we will receive an email alert about the password change, and in it we can see which people or contacts received the codes.
The following screenshot is an email alert:
Also, once the password has been changed, the account is blocked for 24 hours. In other words, no one will be able to access it, not even us by changing the password again for a new one:
As we see, an attacker with patience could gain access to our profile and read all our private messages, in addition to posing as us. No phishing, no Trojans, only the options that Facebook itself offers.
So you have to be careful when adding friends!