facebook phishing login page

How do you check if a website is fake or real? By checking if the URL is correct? Or you could check if the site is using HTTPS? Or even using software that detect phishing domains?

Like most Internet users, you may still fall victim to a newly discovered creative phishing attack and end up in giving away your passwords to hackers.

Antoine Vincent Jebara, co-founder and CEO of password managing software Myki, told Hack Hex that his team spotted a new phishing attack campaign "that even the most vigilant users could fall for."

Vincent found that hackers are already sharing links to blogs and services that prompt visitors to first "login using Facebook account" to read an article or purchase a product.

Login with Facebook is a safe method and is being actively used by a large number of websites to make it easier for visitors to sign up.

How does it work?

When you click on "log in with Facebook" button, you either get redirected to facebook.com or are served with a new pop-up window, asking you to enter your Facebook credentials so the service can access your profile’s necessary information.

Vincent found that the malicious links are serving users with a realistic-looking fake Facebook login pages after they click the login button which has been designed to capture users’ credentials, just like any phishing site.

Vincent informed us that the fake pop-up login prompt is actually created with HTML and JavaScript, and are perfectly reproduced to look and feel exactly like a legitimate browser window.

Users can also interact with the fake browser window, drag it here-and-there or exit it in the same way.

The only way to protect yourself from this, according to Vincent, "is to actually try to drag the prompt away. If dragging it out fails, it's a definite sign that the popup is fake."

It is always recommended to enable two-factor authentication so hackers access to your credentials can't access your profile.

This article was published on Hack Hex website, under Security section, written by Dawood Khan. Share & leave us some comments on what you think about this topic or if you like to add something.

Tags: Advance Phishing Attacks, Cyber Attack, hacking news, Login with Facebook, phishing attack, phishing examples, Phishing scam, social login,