The technique relies upon the concept of being able to reproduce a social login prompt in a very realistic format inside an HTML block.
Crooks are distributing links to blogs and services that display users “login using Facebook account” to read an exclusive article or purchase a discounted product.
The login popup prompt is in HTML and appears very
When users visit the malicious website, they are prompted to log in with a social account. Once selected a login method, the fake login prompt will be displayed.
The credentials provided by the users are sent to the attacker.
When users click “log in with Facebook” button available on any website, they either get redirected to facebook.com or are served with facebook.com in a new pop-up browser window, asking them to enter their Facebook credentials to authenticate using OAuth and permitting the service to access their profile’s data.
Users can also interact with the fake browser window, drag it where they want or exit it like any legitimate window.
“The only way to protect yourself from this type of attack is to actually try to drag the prompt away from the window it is currently displayed in. If dragging it out fails (part of the popup disappears beyond the edge of the window), it’s a definite sign that the popup is fake.” concludes the experts.