Netcraft researchers have recently spotted an extremely convincing Facebook phishing attack.
The fraudsters made it look like the fake “Facebook Page
Verification” form they ask victims to fill in and submit is
legitimate, as the page serving it is on a Facebook subdomain and uses
HTTPS.
The attack will work whether the user is already logged in or not,
and all the links on the page work as they should. This is because,
apart from the bogus form, the rest of the page is legitimate.
The phishers have registered Facebook apps, and have managed to load
the form inside them via iframes. The form is hosted on the crooks’ own
servers, which also use HTTPS, so no warnings about insecure
connections will pop up.
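The core of the trick described above is a credential form that lives on a third-party origin while appearing inside a page on a trusted host. The following is an added example (not code from Netcraft or the article) of a defensive check: it parses a document, lists iframes loaded from another origin, and flags any form with a password field whose action posts to an origin other than the top-level page's. The URLs and HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample (placeholder domains, not from the article): a page on the
# social network's app host that frames a third-party "verification" form.
TOP_URL = "https://apps.social.example/page-verification"
TOP_HTML = ('<html><body><a href="/home">Home</a>'
            '<iframe src="https://verify-pages.attacker.example/form.html"></iframe></body></html>')
FRAME_URL = "https://verify-pages.attacker.example/form.html"
FRAME_HTML = ('<form action="/submit" method="post"><input type="email" name="email">'
              '<input type="password" name="pass"></form>'
              '<form action="/search" method="get"><input type="text" name="q"></form>')

def origin(url, base):
    """Scheme, host and port of url after resolving it against base."""
    s = urlsplit(urljoin(base, url))
    return (s.scheme, s.hostname, s.port)

class _Scanner(HTMLParser):
    # Collect iframe sources and forms, noting whether each form holds a password field.
    def __init__(self):
        super().__init__()
        self.iframes, self.forms, self._form = [], [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe" and a.get("src"):
            self.iframes.append(a["src"])
        elif tag == "form":
            self._form = {"action": a.get("action", ""), "password": False}
            self.forms.append(self._form)
        elif tag == "input" and self._form and a.get("type", "").lower() == "password":
            self._form["password"] = True
    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def find_credential_risks(html, doc_url, top_url):
    """Flag iframes from another origin and password forms whose action posts
    to an origin other than the top-level page's; URLs resolve against doc_url."""
    sc = _Scanner()
    sc.feed(html)
    top = origin(top_url, top_url)
    findings = []
    for src in sc.iframes:
        if origin(src, doc_url) != top:
            findings.append(("cross-origin-iframe", urljoin(doc_url, src)))
    for f in sc.forms:
        if f["password"] and origin(f["action"], doc_url) != top:
            findings.append(("password-form-off-origin", urljoin(doc_url, f["action"])))
    return findings
```

Run it once on the host page (to list foreign iframes) and once on each framed document (to catch credential forms posting away from the host origin); a same-origin login form produces no finding.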
Another trick up the fraudsters’ sleeve is that they made the form
return an “incorrect credentials” notification the first time the user
submits them (whether they are correct or not). This trick is used to
convince the most suspicious users, who might have inserted incorrect
credentials on purpose, that the form works as it should and is
legitimate.
On the second try, the form accepts the inserted credentials, sends
them to the attackers’ servers quietly in the background, and shows the
victim a response saying they will be contacted by the “Facebook
Verification Team” within 24 hours.
“But of course, this email will never arrive,” says Netcraft’s Paul Mutton.
“By this point, the fraudster already has the victim’s credentials
and is just using this tactic to buy himself some time. He can either
use the stolen Facebook credentials himself, or sell them to others who
might monetize them by posting spam or trying to trick victims’ friends
into helping them out of trouble by transferring money. If more victims
are required, then the compromised accounts could also be used to
propagate the attack to thousands of other Facebook users.”
Potential victims are likely directed to the fraudulent form via bogus emails or messages supposedly sent by Facebook.