Facebook phishers want you to “Connect with Facebook”

[LASER_oneXM]

As we edge toward Christmas, scammers are throwing their own party—in the form of Facebook phishing pages linked to and from bogus landing pages hosted on sites(dot)google(dot)com URLs.

These landing pages, adorned with very large and very fake “Login with Facebook” buttons, may be extra convincing to the unwary, due to a combination of the trusted Google name and the fact that the sites are HTTPS rather than standard HTTP.

HTTPS is becoming increasingly popular with scammers as it adds an extra air of authenticity to the whole operation. As a result, you can’t just assume a “secure” site is also a safe one. There could well be a phisher lurking in the distance.

The landing pages are all themed around loss of Facebook access, with potential victims most likely directed there by phishing emails. (We haven’t seen any associated with this particular campaign, but given the messaging on the sites and the typical methods used to steer someone to them, it seems a reasonable bet to make.)

The bulk of the fakeouts look like either of the two examples below, with zero additional content on the page except for a big blue box asking you to “Login to Facebook” to “comfirmation your account!!!” [sic]



Click to Enlarge

…or



Click to Enlarge

…”Connect with Facebook.”

There’s a few other designs out there, but they’re nowhere near as common as the two above. Here’s one of the alt-designs:



Click to Enlarge

The word salad on the fake Facebook security page reads as follows:

At time of writing, many of the secondary sites appear to have been taken down, though there’s still a fair few landing pages still up and running. As such, it would be easy for the scammers to set up new phish pages and point the landing URLs to them instead.

URLs you should avoid:

sites.google.com/site/wwwpagesinfoterms12/

sites.google.com/site/info30021033700i/

sites.google.com/site/policyclaming767005/

sites.google.com/site/recoveryfbunblockingcenter/

(leads to) help-unblocking-fb(dot)site/contact/2017/index(dot)php

sites.google.com/site/wwwpagesconfirms1202/

sites.google.com/site/noticereportslogsinfoo050/

sites.google.com/site/wwwpagesinfonet/

sites.google.com/site/help151054141104105140/

sites.google.com/site/info20012001320i1/

We’re working on having the last of these sites taken offline, but please be careful around any websites claiming they’ll confirm, review, or connect your Facebook account, especially in relation to supposed security alerts or “bad behaviour” on your part. If in doubt, visit the official Facebook site directly and take things from there. There’s a good chance it’s just someone trying to ruin your festive fun, and that definitely doesn’t fall under the season for giving.

 

[Anker_by]

The method i see they improving more "advanced" techniques.. Thanks for the info!!

 

[Flengo]

The trick to not getting your Facebook account phished is to not have a Facebook account in the first place.

 

[TairikuOkami]

Netcraft detects all but one listed. I get 3 warnings before getting to it (1 warning, then connect with FB button, then 2 more warnings and then the fake login).

Just asking me to login would alert me, since I am logged in all the time, that is why I love FB login.

 

[Prorootect]

The trick to not getting your Facebook account phished is to not have a Facebook account in the first place.

Sure Flengo, and Twitter account too, don't have it is better... read mode only.

 

[CyberTech]

i got warning by Avast internet security i'm glad that..

 

[Kuttz]

The trick to not getting your Facebook account phished is to not have a Facebook account in the first place.

Ahh ? An even better solution could be not connect to the Internet at all ? One needs to be more and more alert that is the only way going forward