Facebook Users At Risk: Fresh Phishing Scam Aimed at Harvesting Login Information
=======================================================================
A complex phishing campaign targeting Facebook users has been uncovered by security analysts. The campaign, which spans multiple languages, including English, German, Spanish, and Korean, aims to harvest login credentials by exploiting Facebook’s external URL warning feature and impersonating Facebook’s security team.
The phishing emails, designed to closely mimic Facebook's styling, include social media icons and footer disclaimers. The initial lure in the emails is an urgent security notification about unauthorized access attempts or account activity verification.
Victims who click on the link in the email are redirected to a near-perfect replica of Facebook's login interface. The redirect mechanism used by the attackers evades link scanners and bypasses user suspicion, making detection and prevention challenging.
After a failed login attempt, the fake portal executes a brief JavaScript snippet to display an "Incorrect password" error, prompting users to re-enter their details and unwittingly supply attackers with valid credentials on the second attempt. The harvested data, including email addresses, phone numbers, and passwords, is stored by a PHP backend script for later retrieval by threat actors.
The URLs used in the phishing campaign are constructed to leverage Facebook's l.facebook.com redirect service. Attackers have devised a redirect-based infection mechanism that abuses Facebook’s external URL warning system, making the malicious links appear legitimate.
When the link is clicked, Facebook presents a warning banner, but the user is ultimately redirected to the malicious page. The JavaScript routine on the phishing site minimizes suspicion by displaying an "Incorrect password" error and prompting users to re-enter their details.
The HTML form on the phishing site collects email addresses, phone numbers, and passwords upon submission. Credentials submitted on the fake login page are immediately exfiltrated to a command-and-control server.
This redirect-based mechanism bypasses email security gateways and exploits user trust in Facebook's domain. The addresses of the phishing sites are embedded in a parameter of the URL, and the attackers use Facebook's external URL warning system to cloak malicious links.
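A mail filter can undo this cloaking by unwrapping l.facebook.com links and judging the embedded destination instead of the redirector's host. The sketch below is an added example, not code from the campaign or from Facebook; the trusted-domain list, the `l.php?u=` shape of the sample links and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: redirector host named in the article; which hosts count as
# genuine Facebook destinations is a local policy choice.
REDIRECTOR_HOSTS = {"l.facebook.com"}
TRUSTED_SUFFIXES = ("facebook.com", "fb.com", "messenger.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def _is_trusted(host):
    # Exact match or true subdomain only, so "facebook.com.evil.example" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def embedded_destinations(url):
    """Return http(s) URLs carried in the query string of a redirector link."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() not in REDIRECTOR_HOSTS:
        return []
    found = []
    for _name, value in parse_qsl(parts.query, keep_blank_values=True):
        inner = urlsplit(value)  # parse_qsl already percent-decoded the value
        if inner.scheme in ("http", "https") and inner.hostname:
            found.append(value)
    return found


def flag_redirector_links(body):
    """List (link, destination) pairs where the redirector leads off-platform."""
    hits = []
    for link in URL_RE.findall(body):
        for dest in embedded_destinations(link):
            if not _is_trusted(urlsplit(dest).hostname):
                hits.append((link, dest))
    return hits


# Constructed sample message body (not taken from the campaign).
SAMPLE = (
    "Unusual login attempt detected. Verify here: "
    "https://l.facebook.com/l.php?u=https%3A%2F%2Flogin-check.example%2Fverify&h=AT0x\n"
    "Help centre: https://l.facebook.com/l.php?u=https%3A%2F%2Fwww.facebook.com%2Fhelp\n"
    "Footer: https://www.facebook.com/settings\n"
)

if __name__ == "__main__":
    for link, dest in flag_redirector_links(SAMPLE):
        print("off-platform redirect:", dest)
```

Because every query parameter is inspected, the check does not depend on the redirector using one particular parameter name.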
While the exact organization or hacker group responsible for the phishing campaign is not identified in the sources, the use of Facebook’s redirect mechanism to conceal malicious URLs behind legitimate warnings and fake login portals is a concerning development in the world of cybersecurity. Users are advised to exercise caution when clicking on links, especially those claiming to be from social media platforms, and to keep their antivirus software up to date.