New Phishing Ploy Exploits Facebook.com

Last week HackRead notified Web-browsers globally regarding one particular phishing scam related to a policy of 'account violation' circulating across Facebook that forced members to submit their login credentials into addresses of the scammers. Currently one more scam is attacking people using the social-networking site to filch their login data.

By making use of the Apps platform of Facebook, the phishing criminals are hosting malevolent material within facebook.com itself. They're registering Facebook applications, while utilizing free range capacities of the platform for uploading harmful web-pages with the aid of iframes. Actually the malevolent material posted comes from servers which the criminals maintain, and the iframes help in doing the uploading. The material is exhibited within Facebook apps.

However, there's one exception which's with the malevolent iframe that is inside the page's central portion. The associated campaign that Netcraft a security company spotted has the iframe installed from a HostGator-hosted malevolent website and not from any server of the criminals.

So Facebook is the big attack zone. The latest phishing tactic seems like a command missive displayed via the notifications section wherein members would receive missives inside their inbox with one malevolent web-link asserting that somebody told about irregularity of content flowing to and fro their Facebook A/C. The assertion made, however, is totally false and simply one ploy for ensuring the potential victim pursues the web-link followed with submitting his entire login data that would actually end up with the scammers. Hackread.com posted this, April 27, 2016.

Netcraft spotted one peculiarity in the phishing scam i.e. the login page displayed one login error whenever the Facebook account holder tried to validate the process, whether the credential entered were right or wrong.

Bottom line: criminals, by applying the above ruse, social engineering, a little low-end CSS expertise, besides the application platform of Facebook, can carry out extremely effective phishing scams through the Facebook website.

Hence, members are recommended to be careful while feeding the login details of their Facebook account into Facebook Apps. Facebook would automatically validate members inside these applications provided they only utilize the URL -facebook.com/login for the purpose.

» SPAMfighter News - 5/4/2016