A convincing new Facebook scam has emerged that appears to be fooling even vigilant users.
Cybercriminals have created an almost exact replica of Facebook's "Log in With Facebook" pop-up window to dupe users into handing over their credentials.
The status bar, navigation bar, shadows and content have all been cloned so that the window is indistinguishable, at a glance, from a legitimate single sign-on login prompt.
Single sign-on, or SSO, lets users log into a third-party website with an account they already hold with an identity provider, typically Facebook or Google. Rather than create a separate password for every site, the user is sent to the provider's own login prompt, authenticates there, and the provider vouches for them to the site. The site never sees the Facebook or Google password, which is precisely why a prompt that asks for it inside the third-party page is worth a second look.
The attack starts by luring the victim to a malicious website that already has the fake prompt embedded in its HTML and CSS. The page offers "Log in with Facebook" alongside other sign-in options; when the user selects it, no separate browser window opens. Instead the page draws its own replica of the Facebook pop-up, complete with a painted address bar, and it is convincing enough that the user can interact with it, drag it around and dismiss it just as they would a legitimate prompt.
As soon as the user fills out their username and password, the details are sent straight to the attackers, who can take immediate control of the victim's Facebook account.
The scam was discovered by security researchers at password-manager firm Myki, after its users started complaining that the password manager was not auto-filling their saved passwords for popular domains on specific websites.
The company was quick to investigate and, once it realised the level of deception involved, said it wanted to "raise awareness on the issue as quickly as possible, due to how realistic and convincing the campaign is".
Antoine Vincent Jebara, co-founder and CEO of Myki advised users: “The only way to protect yourself from this type of attack is to actually try to drag the prompt away from the window it is currently displayed in. If dragging it out fails (part of the popup disappears beyond the edge of the window), it’s a definite sign that the popup is fake.”
The test works because a legitimate sign-in prompt from Facebook or Google is a separate browser window, so it can be dragged outside the third-party site's window without any part of it disappearing. A fake prompt is only an element of the web page it was drawn in, so it is clipped at the edge of the browser's viewport; portions of it vanishing as you drag it should act as an immediate red flag.
Another red flag that may indicate a fake Facebook login page is a password manager that does not auto-fill as it should. The address shown inside the fake prompt is just text painted on the page; the password manager keys saved credentials on the real origin shown in the browser's own address bar, which is the crooks' domain, so nothing matches and nothing is offered.
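To make the password-manager red flag concrete, here is an added example that is not part of the original article or of Myki's software. It models, in JavaScript, the origin check a password manager performs before auto-filling: the only input that matters is the browser's real location, while the address bar painted inside the fake popup is page content that never reaches this logic. The vault entries, the attacker domain and the short public-suffix table are constructed for the demonstration.

```javascript
// Added example (not from Myki or the article): a model of the origin check a
// password manager performs before auto-filling. The only input that matters is
// the browser's real location; an address bar drawn with HTML inside a fake
// popup is just page content and never reaches this logic.

// Constructed sample vault: credentials are stored against the site where they
// were saved.
const SAVED_CREDENTIALS = [
  { site: "https://www.facebook.com/login.php", username: "alice@example.com" },
  { site: "https://accounts.google.com/signin", username: "alice@gmail.com" },
];

// Two-label public suffixes for the demo. A real manager consults the full
// Public Suffix List; this short table is an assumption to keep the example
// self-contained.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au", "co.jp"]);

// Registrable domain (eTLD+1): "m.facebook.com" -> "facebook.com",
// "facebook.com.evil.example" -> "evil.example".
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().split(".");
  const lastTwo = labels.slice(-2).join(".");
  const keep = MULTI_LABEL_SUFFIXES.has(lastTwo) ? 3 : 2;
  return labels.slice(-keep).join(".");
}

// Return the saved entries that may be offered for the page at `realLocation`.
// Requires HTTPS and a matching registrable domain; the path is ignored so that
// m.facebook.com and www.facebook.com share one entry.
function matchingCredentials(vault, realLocation) {
  const page = new URL(realLocation);
  if (page.protocol !== "https:") return [];
  const pageDomain = registrableDomain(page.hostname);
  return vault.filter(
    (entry) => registrableDomain(new URL(entry.site).hostname) === pageDomain,
  );
}

// Compare what the prompt *claims* with what the browser *knows*.
// `paintedAddressBar` is the URL text the popup displays to the user.
function autofillDecision(vault, realLocation, paintedAddressBar) {
  const painted = new URL(paintedAddressBar);
  const matches = matchingCredentials(vault, realLocation);
  return {
    paintedLooksLegit: registrableDomain(painted.hostname) === "facebook.com",
    realOrigin: new URL(realLocation).origin,
    willAutofill: matches.length > 0,
    usernames: matches.map((m) => m.username),
  };
}

// Constructed scenario: the document lives on the attacker's domain (a made-up
// hostname) but the drawn popup shows a Facebook URL. The manager stays silent,
// which is the red flag the article describes.
const fakePrompt = autofillDecision(
  SAVED_CREDENTIALS,
  "https://login-prompt.example.net/sso.html",
  "https://www.facebook.com/login.php",
);

// A genuine window.open() prompt really is at a facebook.com origin, so the
// same vault does auto-fill there.
const realPrompt = autofillDecision(
  SAVED_CREDENTIALS,
  "https://m.facebook.com/login.php",
  "https://m.facebook.com/login.php",
);

console.log(fakePrompt.paintedLooksLegit, fakePrompt.willAutofill); // true false
console.log(realPrompt.paintedLooksLegit, realPrompt.willAutofill); // true true
```

The point of the two scenarios is that `paintedLooksLegit` is true in both, because the attacker controls everything drawn inside the page, while `willAutofill` differs because `realLocation` comes from the browser, which the attacker does not control. The same reasoning explains why a browser extension that fills credentials is a better witness to where you are than your own eyes.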
The scam is yet another example of attackers continually trying new methods to snare potential victims. Users should be extra vigilant, check the browser's own address bar rather than anything displayed inside the page, and enable multifactor authentication on all social media accounts so that a stolen password alone is not enough to take over the account.