How do you check whether a website is fake or real? By checking that the URL is correct? By checking that the site uses HTTPS? Or by using software that detects phishing domains?
Like most Internet users, you may still fall victim to a newly discovered creative phishing attack and end up giving away your passwords to hackers.
Vincent found that hackers are already sharing links to blogs and services that prompt visitors to first “login using Facebook account” to read an article or purchase a product.
Login with Facebook is a safe method and is being actively used by a large number of websites to make it easier for visitors to sign up.
How does it work?
When you click the “log in with Facebook” button, you are either redirected to facebook.com or shown a new pop-up window asking you to enter your Facebook credentials so the service can access the necessary information from your profile.
Vincent found that the malicious links serve users a realistic-looking fake Facebook login page after they click the login button. The page is designed to capture users’ credentials, just like any phishing site.
Users can also interact with the fake browser window, drag it here and there, or exit it in the same way.
The only way to protect yourself from this, according to Vincent, “is to actually try to drag the prompt away. If dragging it out fails, it’s a definite sign that the popup is fake.”
It is always recommended to enable two-factor authentication so that hackers with access to your credentials can’t access your profile.
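The fake login window described above is drawn inside the page, so any address it displays is chosen by that page. As an added example (not from the article or from Vincent), this JavaScript check judges a login prompt only by the URL the browser itself reports for the document holding the password field; the function names, the `facebook.com` trusted host and the `.example` sample URLs are assumptions.

```javascript
// Added example (not from the article). Hostnames under .example are constructed.
const TRUSTED_HOST = "facebook.com"; // assumption: domain of the genuine login page

// Parse a URL string and return its URL object, or null if it is not a valid URL.
function parseUrl(text) {
  try { return new URL(text); } catch { return null; }
}

// True only for facebook.com itself or a real subdomain of it.
function isTrustedHost(hostname) {
  return hostname === TRUSTED_HOST || hostname.endsWith("." + TRUSTED_HOST);
}

// realUrl: URL the browser reports for the document that holds the password field.
// shownUrl: address text visible in the prompt (optional); a fake window draws this itself.
function assessLoginPrompt(realUrl, shownUrl) {
  const reasons = [];
  const real = parseUrl(realUrl);
  if (!real) return { genuine: false, reasons: ["real URL could not be parsed"] };
  if (real.protocol !== "https:") reasons.push("not served over HTTPS");
  if (!isTrustedHost(real.hostname)) {
    reasons.push(`password field is hosted by ${real.hostname}`);
    const shown = shownUrl ? parseUrl(shownUrl) : null;
    if (shown && isTrustedHost(shown.hostname)) {
      reasons.push("prompt displays a facebook.com address it is not served from");
    }
  }
  return { genuine: reasons.length === 0, reasons };
}

// Constructed sample prompts: [real URL, URL text shown in the prompt].
const samples = [
  ["https://www.facebook.com/login.php", "https://www.facebook.com/login.php"],
  ["https://blog.example/article", "https://www.facebook.com/login.php"],
  ["https://facebook.com.login.example/", undefined],
  ["https://facebook.com@login.example/", undefined],
];
for (const [realUrl, shownUrl] of samples) {
  const r = assessLoginPrompt(realUrl, shownUrl);
  console.log(realUrl, "->", r.genuine ? "genuine" : "suspicious", r.reasons);
}
```

Password managers and browser extensions can make this kind of decision because they see the real origin of the document, which an in-page imitation cannot change.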