A new phishing attack bent on stealing Facebook credentials has been spotted – and it’s turning researchers’ heads due to how well it hides its malicious intent.
Researchers with password management company Myki on Thursday said that the attack reproduces a social login prompt in a “very realistic format” inside an HTML block. That block is embedded on a malicious website that victims must first be convinced to visit.
“We would like to raise awareness on the issue as quickly as possible, due to how realistic and deceptively convincing the campaign is,” Antoine Vincent Jebara, co-founder and CEO of Myki, said in an analysis of the scam.
Jebara investigated the scam after Myki password manager users started complaining that the manager was not auto-filling passwords on specific websites for popular domains. “Our investigation led us to suspect that these users might have visited a similar kind of phishing site,” he said.
A bad actor was able to design a very realistic-looking social login popup prompt in HTML. The status bar, navigation bar, shadows and content were perfectly reproduced to look exactly like a legitimate login prompt.
When a victim visits a malicious website (which an attacker could convince them to visit through social engineering or otherwise), they are prompted to log into their Facebook account via a false login prompt.
In a video demo (see below), the researchers showed a popup that appeared when they tried to read an article on a site purporting to be The News Weekly Journal; the popup says “Login with Facebook to access the article.”
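The reason Myki's manager stayed silent on the phishing page is that autofill is bound to the real origin of the document, not to whatever is drawn inside it. The following is an added illustration of that decision logic, not Myki's own code; the credential, the site names, the function names (`shouldAutofill`, `hostMatches`, `baseDomain`) and the two-label base-domain shortcut are all assumptions made for the example.

```javascript
// Added example (not Myki's code): an origin-bound autofill decision.
// A credential saved for https://www.facebook.com is offered only when the real
// top-level origin and the origin of the frame holding the form both belong to
// facebook.com. Text rendered inside an HTML block that merely *looks* like a
// facebook.com address bar (as in the phishing popup described above) is never consulted.

// Constructed sample credential for the example.
const SAVED_CREDENTIAL = { site: 'https://www.facebook.com', user: 'alice' };

// Assumption: a simple two-label base domain. Real managers use the Public Suffix List.
function baseDomain(host) {
  const labels = host.toLowerCase().split('.');
  return labels.slice(-2).join('.');
}

// True when candidateHost is the saved site's base domain or a subdomain of it.
// Lookalikes such as www.facebook.com.evil.example or notfacebook.com do not match.
function hostMatches(candidateHost, savedHost) {
  const base = baseDomain(savedHost);
  const c = candidateHost.toLowerCase();
  return c === base || c.endsWith('.' + base);
}

// topOrigin: origin of the top-level document the user is really on.
// frameOrigin: origin of the document containing the login form
// (equal to topOrigin when the form is not inside an iframe).
function shouldAutofill(cred, topOrigin, frameOrigin) {
  let top, frame, saved;
  try {
    top = new URL(topOrigin);
    frame = new URL(frameOrigin);
    saved = new URL(cred.site);
  } catch (e) {
    return false; // unparsable origin: refuse rather than guess
  }
  // Never fill over plain HTTP.
  if (top.protocol !== 'https:' || frame.protocol !== 'https:') return false;
  // Policy: both the visible page and the frame holding the form must belong to the
  // saved site, so a facebook.com form framed by a third-party page is not filled.
  return hostMatches(top.hostname, saved.hostname) &&
         hostMatches(frame.hostname, saved.hostname);
}

module.exports = { SAVED_CREDENTIAL, baseDomain, hostMatches, shouldAutofill };
```

Run against a page such as the fake News Weekly Journal site, the decision is `false` no matter how convincing the in-page prompt looks, which is exactly the silence Myki's users reported.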