Polished Facebook phishing attack seeks to steal users' credentials

by Gabriel E. Hall

Facebook users beware: a new phishing campaign might trick even the most observant

Attackers have launched a campaign that fools even attentive users

Cybersecurity researchers have recently discovered a phishing attack that can trick even experienced and cautious computer users. Experts warn that even people who check the URL, use anti-phishing tools or look for a secure HTTPS connection can fall victim to this new attack, which targets Facebook users.

“Login with Facebook” is a well-known feature used by numerous websites: it lets users quickly access content on sites that require registration. This time, cybercriminals are targeting exactly this feature.

Antoine Vincent Jebara, CEO of Myki, spotted this attack. Victims receive links asking them to “log in with Facebook” in order to receive a discount or read an article on a news website.

The “Login with Facebook” pop-up window appears to look identical to the original one

The “Login with Facebook” feature is legitimate and used by thousands of websites. Unfortunately, this component is now being abused by cybercriminals, and they are doing it exceptionally well. According to Antoine Vincent Jebara, the threat actors have created a pop-up window that can easily be mistaken for the genuine one, because it shows all the signs careful users look for:[1]

When a user visits the malicious website, they are prompted to log in with a social account (Facebook in this case). Upon selecting a login method, the fake login prompt is presented. The user can interact with it, drag it and dismiss it the same way they would a legitimate prompt.

Moreover, the researcher found that the fake pop-up window is built from ordinary HTML and JavaScript rendered inside the attacker's page.[2] The page draws the details a user would normally verify, such as the facebook.com address and the HTTPS indicator, which is what gives the fake prompt its look of legitimacy.

However, clicking the “Log in with Facebook” button does not take you to Facebook at all. The window that appears is part of the attacker's page, imitating the Facebook OAuth login dialog,[3] and it asks you to enter your Facebook email and password to confirm your identity. Once the data is entered, the criminals hold the credentials of your Facebook account and can use them for plenty of malicious purposes.

It is possible to avoid getting scammed – here's how

Cybersecurity experts warn that this phishing campaign can catch anyone by surprise, even the most experienced users. Antoine Vincent Jebara says he had never encountered a phishing attack this sophisticated and realistic before:

We do not know if this specific type of hyper-realistic phishing campaign was previously reported but we've never seen one live and a quick Google search doesn't pull up similar results.

Even though such a prompt is very hard to identify by eye, there is one check you can do. If the pop-up login window seems suspicious, try dragging it outside the browser window. A genuine “Login with Facebook” dialog is a separate browser window and can be moved anywhere on the desktop; if the prompt cannot be moved beyond the edge of the web page, it is drawn by the page itself and is fake.

Users should nevertheless remain cautious online. Technology experts recommend strong, unique passwords that combine symbols, numbers, and upper- and lowercase letters.[4] Additionally, two-factor authentication[5] should be enabled on your Facebook account: a phished password alone is then not enough to log in. Note that real-time phishing kits can relay one-time codes as well, so a hardware security key is the stronger second factor.

About the author

Gabriel E. Hall, web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

