This realistic phishing scam is after your Facebook credentials

March 2023 · 2 minute read

A new phishing attack has surfaced online that aims to steal Facebook credentials. The attack was identified by Myki, a password management company.

The company stated that the attackers use an HTML block to realistically reproduce a social login prompt. The technique is to lure users to a malicious website in which the block has already been embedded.

The campaign looks so convincing and realistic that the company performed a detailed analysis of the scam to create awareness among its users. The investigation began after most of their users failed to auto-fill passwords on some particular websites, which led the company to suspect those websites.

The attackers launch the attack by designing an HTML-based social login popup prompt. The login prompt looks legitimate because it imitates the navigation bar, status bar, content and shadows of a real one.

The false login prompt convinces users to log in to the website using their Facebook credentials. Once users enter their usernames and passwords, the login information is sent directly to the attackers.
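The auto-fill failures described above are what an origin-bound credential check produces when a login prompt is only HTML drawn inside another site's page. The sketch below is an added example, not Myki's code; it assumes a manager that matches saved logins on the real host of the loaded page, and the function names and sample URLs are constructed for illustration.

```javascript
// Added illustration, not Myki's code. Assumption: logins are matched on the
// real host of the loaded page, never on text drawn inside the page.
const SAVED_HOST = "facebook.com"; // host the credential was saved for

// True when `host` is SAVED_HOST or a subdomain of it (dot boundary enforced).
function hostMatches(host, saved = SAVED_HOST) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return h === saved || h.endsWith("." + saved);
}

// pageUrl: URL of the page the browser actually loaded.
// shownAddress: address text painted in the prompt's imitation navigation bar.
function assessPrompt(pageUrl, shownAddress) {
  let page;
  try {
    page = new URL(pageUrl);
  } catch {
    return { autofill: false, reason: "unparseable page URL" };
  }
  if (page.protocol !== "https:") return { autofill: false, reason: "not https" };
  if (hostMatches(page.hostname)) {
    return { autofill: true, reason: "host matches saved login" };
  }
  // The page is not the saved site. Check whether the prompt pretends to be.
  let claimed = null;
  try {
    claimed = new URL(shownAddress).hostname;
  } catch {
    // shownAddress was empty or free text; nothing to compare
  }
  const spoof = claimed !== null && hostMatches(claimed);
  return {
    autofill: false,
    reason: spoof
      ? "prompt claims " + SAVED_HOST + " but page is " + page.hostname
      : "host not saved",
  };
}

// Constructed samples: [real page URL, address shown inside the prompt].
const SAMPLES = [
  ["https://www.facebook.com/login.php", "https://www.facebook.com/login.php"],
  ["https://news-site.example/article", "https://www.facebook.com/login.php"],
  ["https://www.facebook.com.login.example/", ""],
  ["https://www.facebook.com@login.example/", ""],
];
for (const [page, shown] of SAMPLES) console.log(page, assessPrompt(page, shown));
```

Only the first sample is offered the saved login; the second is the case from the article, where the address painted inside the prompt says Facebook while the page hosting it does not.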


Spotting The Abnormal Behavior

According to the company, the abnormal behavior can be observed by trying to drag the prompt away from its original position. If you are not able to drag the prompt away, you may find that part of the prompt cannot be seen because it hides beyond the window's edge. That is an indication that the prompt or popup is definitely a fake one.

Recently, there has been an increase in phishing attacks worldwide, and attackers are constantly updating their mechanisms for that purpose.

Most users eventually fall into their trap and have to bear the consequences. You cannot afford to lose your sensitive data, so it is strongly recommended that you avoid visiting suspicious sites.
