The technique relies upon the concept of being able to reproduce a social login prompt in a very realistic format inside an HTML block.
Crooks are distributing links to blogs and services that display users “login using Facebook account” to read an exclusive article or purchase a discounted product.
The login popup prompt is in HTML and appears very realistic-looking, the status bar, navigation bar, shadows, and content also look exactly like a legitimate login prompt.
When users visit the malicious website, they are prompted to log in with a social account. Once selected a login method, the fake login prompt will be displayed.
The credentials provided by the users are sent to the attacker.
When users click “log in with Facebook” button available on any website, they either get redirected to facebook.com or are served with facebook.com in a new pop-up browser window, asking them to enter their Facebook credentials to authenticate using OAuth and permitting the service to access their profile’s data.
Users can also interact with the fake browser window, drag it where they want or exit it like any legitimate window.
“The only way to protect yourself from this type of attack is to actually try to drag the prompt away from the window it is currently displayed in. If dragging it out fails (part of the popup disappears beyond the edge of the window), it’s a definite sign that the popup is fake.” concludes the experts.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – phishing, Facebook)
[adrotate banner=”5″] [adrotate banner=”13″]
The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by…
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
This website uses cookies.