The technique relies upon the concept of being able to reproduce a social login prompt in a very realistic format inside an HTML block.
Crooks are distributing links to blogs and services that display users “login using Facebook account” to read an exclusive article or purchase a discounted product.
The login popup prompt is in HTML and appears very
When users visit the malicious website, they are prompted to log in with a social account. Once selected a login method, the fake login prompt will be displayed.
The credentials provided by the users are sent to the attacker.
When users click “log in with Facebook” button available on any website, they either get redirected to facebook.com or are served with facebook.com in a new pop-up browser window, asking them to enter their Facebook credentials to authenticate using OAuth and permitting the service to access their profile’s data.
Users can also interact with the fake browser window, drag it where they want or exit it like any legitimate window.
“The only way to protect yourself from this type of attack is to actually try to drag the prompt away from the window it is currently displayed in. If dragging it out fails (part of the popup disappears beyond the edge of the window), it’s a definite sign that the popup is fake.” concludes the experts.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.