A strong wave of phishing attacks has descended upon Facebook users, as cybercriminals mimic an authentic Facebook login page in order to harvest user login credentials. The phishers have developed an application that lets it display a fake but authentic-looking Facebook login verification page.
The attacks use Facebook’s app platform to display the fake page under a valid Facebook domain and Transport Layer Security (TLS) certificate, giving the fake page an air of authenticity. (TLS is a protocol for ensuring secure communications between domains and users for activities such as email, Internet faxing and data transfers.) To further avoid arousing suspicion, the phishing site uses HTTPS protocol so web browsers won’t display warnings about insecure sites or pages.
According to a report on AVAST’s blog, the phishing page uses a simple call to action form asking for the user’s login ID (email or phone number), password, security question and answer, and birthday. Then it sends the login information to the phisher’s email.
To make the experience appear legitimate, the form mimics the interaction that happens when users enter some of the login details incorrectly. When users attempt to log in, the form returns a “Username or Password is wrong” page and asks for the login credentials a second time, tricking unsuspecting users into offering their personal information again.
Once users click the Log In button, they see a page telling them to wait up to 24 hours for an email confirming approval of the verification request — more than enough time for cybercriminals to use the login information for illegal purposes such as accessing user accounts, using the accounts to spam or scam victims’ contact lists with pleas for monetary assistance or other scams. Cybercriminals often sell the information to others who are engaged in similar activities.
The phishing site is reportedly hosted at http://gator4207.hostgator.com/~labijuve/a2/; a quick glance at that address raises immediate suspicions about its authenticity.
How to safeguard your Facebook account
Before logging into Facebook, or any of your online accounts, double-check the page URL first to ascertain that it does indeed come from the intended site. Facebook protects your account with Login Approvals, also known as two-factor authentication or two-step verification, so that cybercrooks won't be able to log into your account even if they do succeed in stealing your login credentials. The two-step process requires anyone logging into your account through a new device or a new web browser on one of your devices provide a secondary form of authentication. For Facebook, the easiest form of authentication is entering a one-time code that is texted to your smart phone. Once you verify the device, you'll be all set. No need to authenticate every time you log in.
To turn on Login Approvals, click on the security padlock in the upper right corner and then choose Security Settings > Login Approvals. From there, Facebook will walk you through the process of security your account.
Don't just secure your Facebook account, make sure you turn on two-factor authentication for all of your accounts. And, be alert to how fraudsters commonly carry out their scamming and hijacking activities on social media.
Updated on 5/8/2016 with Facebook Login Approvals information.
[Image credit: Password box in Internet Browser via Shutterstock]
From Patrick on May 09, 2016 :: 4:01 pm
Hi Susan,
please this has nothing to do with the Facebook incident.
My Yahoo account has been taken over by someone else. Every time I follow the instructions on reset to my mail box, the name addressed is not me. when I send the code given and enter verify nothing happens. I don’t know how to contact Yahoo about this. Any ideas ? Thanks.
Reply