Today THN (The Hacker News) tweeted about a phishing attack that displays a fake Facebook login popup which looks identical to a genuine Facebook page, right down to its address.
Vincent, co-founder and CEO of the password management software Myki, found that cyber criminals are distributing links to blogs and services that prompt visitors to first “login using Facebook account” to read an exclusive article or purchase a discounted product.
The YouTube channel MyKi SAL also posted a video demonstrating how this phishing technique is being used by various blogs and services, and showing what the UI of the popup looks like.
Generally, a user looks at the site certificate, the exact domain name (i.e. “www.facebook.com”) and the ads on the webpage to determine whether the webpage is a trap or a genuine one. But this popup is designed to make the user believe that it is a genuine webpage, and after all, this is what phishing is all about.
As we have mentioned in our previous posts, always try to use two-factor authentication, so that even if someone gains access to your credentials, it's not easy for them to access your account.
Another way to avoid becoming a victim of this phishing attack: whenever a popup asks for the details of your social media account, first check whether it is a genuine page. Then try to drag the popup past the edge of the browser window. If it is a normal popup you are good to go, but if you are unable to drag the popup window out of the webpage window, that is a warning sign. Don’t interact with the page.
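The drag test works because the fake popup is drawn inside the webpage itself, so its "address bar" is only page text. As an added example (not from the original post or from Myki), the JavaScript heuristic below flags a page that holds a password field and also displays a Facebook address while being hosted somewhere else; the watch-list, the function names and the sample host `deals-blog.example` are assumptions.

```javascript
// Added example: a heuristic, not a complete detector.
// PROTECTED_DOMAINS is an assumed watch-list of login sites.
const PROTECTED_DOMAINS = ["facebook.com"];

// Matches a string that is nothing but a URL or bare hostname, the way an
// address bar shows it, and captures the hostname.
const URL_ONLY = /^(?:https?:\/\/)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[\/?#]\S*)?$/i;

// Constructed sample: text strings as a fake in-page popup would render them.
const SAMPLE_TEXTS = ["Log in to Facebook", "https://www.facebook.com/login.php", "Password"];

// True if host is the domain itself or one of its subdomains.
function hostMatches(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// pageHost: hostname of the top-level document.
// visibleTexts: text strings rendered inside that document.
// hasPasswordField: whether that same document holds a password input.
function assessPage(pageHost, visibleTexts, hasPasswordField) {
  if (!hasPasswordField) return { suspicious: false, shownHost: null };
  for (const text of visibleTexts) {
    const m = URL_ONLY.exec(text.trim());
    if (!m) continue;
    const shownHost = m[1].toLowerCase();
    for (const domain of PROTECTED_DOMAINS) {
      // An address for a protected site drawn inside a page on another host
      // is page content, not the browser's own address bar.
      if (hostMatches(shownHost, domain) && !hostMatches(pageHost, domain)) {
        return { suspicious: true, shownHost };
      }
    }
  }
  return { suspicious: false, shownHost: null };
}

// Browser wrapper for a content script or the DevTools console.
function assessDocument(doc) {
  const texts = [];
  const walker = doc.createTreeWalker(doc.body, 4); // 4 = NodeFilter.SHOW_TEXT
  while (walker.nextNode()) texts.push(walker.currentNode.nodeValue);
  const hasPassword = doc.querySelector('input[type="password"]') !== null;
  return assessPage(doc.location.hostname, texts, hasPassword);
}
```

In a browser, `assessDocument(document)` runs the same check on the live page. A genuine login popup is a separate window, so its address never shows up as text in the page that opened it.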
See you guys in the next post, till then stay tuned and don’t forget to comment.
Source: The Hacker News