News New Clever Phishing Scam Hits Facebook
#1


   Facebook has hit the news once again; this time they are dealing with a clever new phishing scam, one that disguises itself as an SSO [Single Sign On] window. What an SSO basically is, is a feature where a single sign-in with a username and password, from any one social media account, or even Google, can allow a user to log into a third-party website. It's designed in such a way as to make it easier for back-end and client-end users, greatly reducing the number of accounts needed to log into multiple websites.


   This [fake] SSO was discovered through Myki, a password management service; Myki discovered a website that offered SSO to Facebook. This one was identical to an actual SSO, but it lacked the Facebook API, and also did not interface with the social media site at all. All this scam needed was a username and a password. Again, this was a clever phish; this scam even had HTTPS, and some well-written [or copied] HTML. But there was one way that could be used to tell if it was a fake: real SSOs can be fully dragged outside the website they are on, as compared to the fake, which would come out broken and distorted.

   More methods included the autofill feature not working, the URL not being from Facebook, or, for more experienced users, the site's source code could be examined. This new method of phishing is only more proof that the attackers are only getting smarter, and we, those in security, should ensure that we are more vigilant and are staying ahead of the curve.


   Original article can be found here.


    That was the folks, have a good weekend, and stay safe out there. 


    ---Mad-Architect

   
01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011
Reply
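The post names a non-Facebook URL and autofill not working as two signs of the fake window. As an added example (not from the original post or from Myki), this sketch shows how tying saved credentials to a site's host makes both signs appear together. The function names, the `SAVED_HOST` constant, the subdomain rule and every sample URL are assumptions constructed for illustration.

```javascript
// Added example: offer saved credentials only on the host they were saved for.
// SAVED_HOST and the sample URLs are constructed; real password managers differ in detail.
const SAVED_HOST = "facebook.com";

// True only for an HTTPS page on savedHost or one of its subdomains (assumed rule).
function shouldOfferAutofill(pageUrl, savedHost = SAVED_HOST) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return false; // unparseable input never gets credentials
  }
  if (url.protocol !== "https:") return false;
  // URL.hostname is lowercased and punycode-encoded, and excludes userinfo and port,
  // so "facebook.com@other.example" and mixed-script lookalikes cannot match by accident.
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Compare on a label boundary: "notfacebook.com" must not pass a plain suffix test.
  return host === savedHost || host.endsWith("." + savedHost);
}

// Constructed sample pages showing a login form.
const samples = [
  "https://www.facebook.com/login.php",            // genuine host
  "https://facebook.com.login-check.example/sso",  // brand used as a subdomain label
  "https://facebook.com@login-check.example/",     // brand placed in the userinfo part
  "https://notfacebook.com/",                      // suffix without a label boundary
  "http://www.facebook.com/",                      // right host, no TLS
  "https://faceb\u043eok.com/",                    // Cyrillic "o" lookalike
];

function classify(urls) {
  return urls.map((u) => [u, shouldOfferAutofill(u)]);
}

for (const [u, ok] of classify(samples)) {
  console.log(ok ? "offer " : "refuse", u);
}
```

A page that passes this check can still be hostile in other ways; the check only answers whether the form is being served from the host the credentials belong to.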
#2
Nice way of Phishing....
Rs
* Thankful to Allah *
Kurdy
Reply
#3
(02-16-2019, 04:34 PM)Mr.Kurd Wrote: Nice way of Phishing....

Yeah, seriously.
01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011
Reply

