
Crooks abuse Facebook app platform for phishing attacks


Crooks are abusing the Facebook app platform to carry out some very insidious phishing attacks against the users of the popular social network.

Security researchers at Netcraft spotted a new insidious phishing campaign that leveraged Facebook’s own trusted TLS certificate that is valid for all facebook.com subdomains.

The phishing page is designed to look like a Facebook verification form and is served through the Facebook app platform. The attack works even when the victim is not already logged in. The crooks create a Facebook app whose canvas page loads the phishing form from an external website inside an iframe, so the browser's address bar still shows facebook.com.

“This makes the page appear legitimate, even to many seasoned internet users; however, the verification form is actually served via an iframe from an external site hosted by HostGator. The external website also uses HTTPS to serve the fraudulent content, so no warnings are displayed by the browser,” states the blog post published by Netcraft.

Because the external website that serves the malicious page also uses HTTPS, the browser displays no mixed-content or certificate warnings to the victims: the framing page carries Facebook's valid certificate and the framed page carries a valid certificate of its own.
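The pattern described above (a trusted page framing a credential form from a different origin) can be flagged mechanically. The following is an added example, not code from Netcraft, Facebook or the original article: it parses a constructed app canvas page, finds every iframe whose host is outside the trusted facebook.com suffix, and reports those whose framed document contains credential-style inputs. The hostnames, HTML and the `assess_canvas` helper are assumptions made up for this illustration; in a real crawler the framed documents would be fetched rather than passed in.

```python
"""Heuristic detector for cross-origin credential forms framed inside a
trusted page. Added example; all HTML and hostnames below are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_SUFFIX = "facebook.com"  # the origin the user believes they are on


class _FrameAndFormCollector(HTMLParser):
    """Collects iframe src URLs, form actions and credential-like inputs."""

    def __init__(self):
        super().__init__()
        self.frame_srcs = []
        self.form_actions = []
        self.credential_fields = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "iframe" and a.get("src"):
            self.frame_srcs.append(a["src"])
        elif tag == "form":
            self.form_actions.append(a.get("action", ""))
        elif tag == "input":
            kind = (a.get("type") or "text").lower()
            name = a.get("name", "").lower()
            # password/email inputs, or names that look like login fields
            if kind in ("password", "email") or any(
                k in name for k in ("pass", "email", "user", "login")
            ):
                self.credential_fields.append(name or kind)


def parse(html):
    p = _FrameAndFormCollector()
    p.feed(html)
    return p


def host_of(url):
    """Lower-cased hostname of a URL, or '' for relative/empty URLs."""
    return (urlsplit(url).hostname or "").lower()


def is_trusted_host(host, suffix=TRUSTED_SUFFIX):
    # exact match or a real subdomain; 'evilfacebook.com' must not pass
    return host == suffix or host.endswith("." + suffix)


def assess_canvas(canvas_html, framed_docs):
    """Return findings for each cross-origin iframe whose document asks
    for credentials. framed_docs maps iframe src URL -> that frame's HTML
    (assumed to be fetched by the caller)."""
    canvas = parse(canvas_html)
    findings = []
    for src in canvas.frame_srcs:
        host = host_of(src)
        if is_trusted_host(host):
            continue  # same trusted origin, not the pattern we care about
        framed = parse(framed_docs.get(src, ""))
        if not framed.credential_fields:
            continue
        # a relative form action posts back to the framed (external) host
        posts_to = [host_of(act) or host for act in framed.form_actions]
        findings.append(
            {"frame": src, "host": host,
             "fields": framed.credential_fields, "posts_to": posts_to}
        )
    return findings


# --- constructed sample input (not from the article) ---
FRAME_URL = "https://verify-example.invalid/form.html"
CANVAS_HTML = (
    '<html><body><div id="app">'
    f'<iframe src="{FRAME_URL}" width="760"></iframe>'
    "</div></body></html>"
)
FRAMED_HTML = (
    "<form method='post' action='submit.php'>"
    "<input type='email' name='email'>"
    "<input type='password' name='pass'>"
    "<button>Verify</button></form>"
)
BENIGN_CANVAS_HTML = (
    '<iframe src="https://www.facebook.com/plugins/like.php"></iframe>'
)

if __name__ == "__main__":
    for f in assess_canvas(CANVAS_HTML, {FRAME_URL: FRAMED_HTML}):
        print("cross-origin credential form:", f)
```

The key check is `is_trusted_host`: matching on the suffix with a leading dot is what keeps look-alike domains from being treated as part of the trusted site, and a relative form action is resolved against the framed page's host, since that is where the submitted credentials actually go.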

[Image: Facebook phishing page, credit Netcraft]

When victims fill in the phishing page, the information they provide is sent straight to the attacker's server.

The researchers at Netcraft noticed that the crooks also used another trick to deceive victims: the first time a victim submits the form, the phishing page shows an error message claiming that the credentials were incorrect.

“To win over anyone who remains slightly suspicious, the phishing site always pretends that the first set of submitted credentials were incorrect. A suspicious user might deliberately submit an incorrect username and password in order to test whether the form is legitimate, and the following error message could make them believe that the credentials really are being checked by Facebook.” continues Netcraft.

Once the victims enter their login credentials a second time, the page displays a message inviting them to wait up to 24 hours for approval of the submission, which gives the attackers time to take over the account and use it for a range of fraudulent activities.

An effective protection against these attacks is the two-step verification that Facebook offers for its accounts: a stolen password alone is then not enough to log in. Facebook also provides a login alerts feature that notifies users when their account has been accessed from an unknown device.


Pierluigi Paganini

(Security Affairs – Facebook Phishing, hacking)