silversurfer

A new phishing attack bent on stealing Facebook credentials has been spotted – and it’s turning researchers’ heads due to how well it hides its malicious intent.

Researchers with password management company Myki on Thursday said that the attack reproduces a social login prompt in a “very realistic format” inside an HTML block. That block is embedded on a malicious website that victims must first be convinced to visit.

“We would like to raise awareness on the issue as quickly as possible, due to how realistic and deceptively convincing the campaign is,” Antoine Vincent Jebara, co-founder and CEO of Myki, said in an analysis of the scam.

Jebara investigated the scam after Myki password manager users started complaining that the manager was not auto-filling passwords on specific websites for popular domains. “Our investigation led us to suspect that these users might have visited a similar kind of phishing sites,” he said.

A bad actor was able to design a very realistic-looking social login popup prompt in HTML. The status bar, navigation bar, shadows and content were perfectly reproduced to look exactly like a legitimate login prompt.

When a victim visits a malicious website (which an attacker could somehow convince them to visit, using social engineering tactics or otherwise), they would be prompted to log into their Facebook account via a false login prompt.

In a video demo outlined by researchers (see below) they showed a popup that appeared when they were trying to read an article on a site purporting to be The News Weekly Journal, which says “Login with Facebook to access the article.”
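The auto-fill symptom described above, as an added example that is not part of the original post or Myki's code: a password manager that binds credentials to the origin of the document hosting the form will not fill a login prompt drawn in HTML on another site, and an address painted as page text that names a different host is a warning sign. The hosts, vault entry and function names are constructed for illustration, and the hostname comparison is a simplification.

```javascript
// Added example. Hosts, vault contents and function names are constructed for illustration.
const VAULT = [{ origin: "https://www.facebook.com", username: "alice" }];

// Origin-bound lookup: only the URL of the document that really hosts the form counts.
function autofillCandidate(documentUrl, vault = VAULT) {
  let url;
  try { url = new URL(documentUrl); } catch { return null; }
  if (url.protocol !== "https:") return null;
  return vault.find((e) => e.origin === url.origin) || null;
}

// Hostnames that appear as visible text, e.g. in an address bar drawn with HTML/CSS.
function paintedHosts(visibleText) {
  const re = /(?:https?:\/\/)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:\/\S*)?/gi;
  const hosts = new Set();
  for (const m of visibleText.matchAll(re)) hosts.add(m[1].toLowerCase());
  return [...hosts];
}

// Assess a login form: fill only on an origin match, and flag pages that
// display a host other than the one actually serving the document.
function assessLoginForm({ documentUrl, visibleText }) {
  const realHost = new URL(documentUrl).hostname;
  const mismatched = paintedHosts(visibleText).filter(
    (h) => h !== realHost && !realHost.endsWith("." + h)
  );
  const entry = autofillCandidate(documentUrl);
  return { fill: entry !== null, suspicious: mismatched.length > 0, mismatched };
}

// Constructed case 1: a genuine social-login pop-up is its own window and document.
const realPopup = {
  documentUrl: "https://www.facebook.com/login.php",
  visibleText: "Log in to Facebook",
};
// Constructed case 2: the "pop-up" is an HTML block inside the article page,
// so the document is still the hosting site whatever the drawn address bar says.
const fakePopup = {
  documentUrl: "https://news-site.example/article",
  visibleText: "https://www.facebook.com/login.php Login with Facebook to access the article.",
};

console.log(assessLoginForm(realPopup));
console.log(assessLoginForm(fakePopup));
```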

 

Vasudev

I was scared that my PayPal account needed a security check, via an email in my recovery account. I did see the message wasn't encrypted and simply hovered on the link to see it was a fake site for stealing the account password. Well, I clicked on it for giggles and BD Traffic light said it was a phishing site and scam. The thing that confused me was that the company logo was just perfect when I viewed it on my phone, and on PC I got detailed info in Thunderbird and Outlook mail.
Sent an email to PayPal saying it's a privacy breach and they told me to forward that phishing email to their department for analysis and thanked me for reporting!
 

LDogg

Gonna have to keep an eye out for this phishing scam campaign and alert others.

Maybe a counteraction to this would be to have adequate adblocking alongside Poper Blocker or an overlay removal extension such as Behind The Overlay.

Hoping this doesn't get any more advanced than it is already.

~LDogg