Security News New Phishing Tactic Targeting Facebook Users Relies on Padding URLs with Hyphens

LASER_oneXM

Feb 4, 2016
...quotes from the article above:

Security researchers from PhishLabs have come across a new phishing trend that's targeting mobile device owners exclusively, with "the highest proportion of attacks" aimed at Facebook users.

This new tactic relies on the fact that mobile browsers have very narrow URL address bars, which prevents users from viewing the entire contents of a link. Phishers are taking advantage of this UI inconvenience to pad URLs with subdomains and hyphens, making some links look authentic on mobile devices.

For example, take the following URL, seen by PhishLabs experts in real-world attacks:


hxxp://m.facebook.com----------------validate----step1.rickytaylk[dot]com/sign_in.html


The real domain of this website is rickytaylk.com, and not "m.facebook.com". Because a mobile browser will show only the first part of the URL, users will see only the "m.facebook.com" section, followed by an endless stream of hyphens.


Attack only works against inattentive users
Inattentive users will be fooled into thinking they're on the mobile login page of the real Facebook and give away their credentials to these crooks.

PhishLabs experts say that in most cases, attackers use these credentials to spam a user's friends, and also send their phishing pages to other users, spreading the infection to others.

Most phishing attacks using this technique have targeted Facebook users. Experts say they've seen this same tactic also deployed against services such as Apple iCloud, Comcast, Craigslist, and OfferUp.
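A defender-side check for the padding pattern described in the quoted article, added here as an example and not taken from the article or from PhishLabs. It works out the domain that actually serves the page, shows what a narrow address bar would display, and flags hosts that embed a watched brand domain or long hyphen runs. The watch list, the 20-character bar width, the three-hyphen threshold and the last-two-labels rule for the registrable domain are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed watch list: domains for the services the article names.
WATCHED = ("facebook.com", "icloud.com", "comcast.net", "craigslist.org", "offerup.com")
BAR_WIDTH = 20  # assumed number of characters a narrow address bar shows


def refang(url):
    """Undo common defanging (hxxp, [dot], [.]) so the URL can be parsed."""
    url = re.sub(r"^hxxp", "http", url, flags=re.I)
    return url.replace("[dot]", ".").replace("[.]", ".")


def inspect_url(url):
    """Return the real domain, what a narrow bar shows, and why the host is suspect."""
    host = (urlsplit(refang(url)).hostname or "").rstrip(".")
    # Naive registrable domain: last two labels. Assumption for this sketch;
    # production code should consult the Public Suffix List (e.g. for co.uk).
    registrable = ".".join(host.split(".")[-2:])
    reasons = []
    for brand in WATCHED:
        if host == brand or host.endswith("." + brand):
            continue  # genuinely under the brand's domain
        # Brand name at a label boundary, followed by padding or more labels.
        if re.search(r"(^|\.)" + re.escape(brand) + r"(?=[-.])", host):
            reasons.append(f"'{brand}' appears in host but domain is {registrable}")
    longest = max((len(m) for m in re.findall(r"-+", host)), default=0)
    if longest >= 3:  # 3+ so punycode's "xn--" prefix is not flagged
        reasons.append(f"run of {longest} hyphens in host")
    return {"registrable": registrable, "visible": host[:BAR_WIDTH], "reasons": reasons}


if __name__ == "__main__":
    # Defanged URL quoted in the article above.
    sample = "hxxp://m.facebook.com----------------validate----step1.rickytaylk[dot]com/sign_in.html"
    print(inspect_url(sample))
    print(inspect_url("https://m.facebook.com/login"))  # legitimate host: no reasons
```

The same function can be run over proxy or mail-gateway URL logs; hosts with a non-empty `reasons` list are candidates for blocking or review.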
 
