Security experts at Myki have recently discovered a new phishing campaign that could deceive even most tech-savvy users.
The technique relies upon the concept of being able to reproduce a social login prompt in a very realistic format inside an HTML block.
Crooks are distributing links to blogs and services that display users “login using Facebook account” to read an exclusive article or purchase a discounted product.
The login popup prompt is in HTML and appears very realistic-looking, the status bar, navigation bar, shadows, and content also look exactly like a legitimate login prompt.
When users visit the malicious website, they are prompted to log in with a social account. Once selected a login method, the fake login prompt will be displayed.
The credentials provided by the users are sent to the attacker.
When users click “log in with Facebook” button available on any website, they either get redirected to facebook.com or are served with facebook.com in a new pop-up browser window, asking them to enter their Facebook credentials to authenticate using OAuth and permitting the service to access their profile’s data.
Users can also interact with the fake browser window, drag it where they want or exit it like any legitimate window.
“The only way to protect yourself from this type of attack is to actually try to drag the prompt away from the window it is currently displayed in. If dragging it out fails (part of the popup disappears beyond the edge of the window), it’s a definite sign that the popup is fake.” concludes the experts.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.