We hear a lot these days about online security, viruses and ‘phishing’ scams, but often people are unsure about what these risks involve and how they work. This weekend I came across a fairly advanced phishing scam aimed at harvesting Facebook login details.
‘Phishing’ is when an attacker attempts to elicit confidential information from an unsuspecting user for the purposes of fraud. One very common method is the simple spam email that purports to be from your bank/online retailer/insurer/etc. and asks you to ‘confirm’ your details. Should one be unwise enough to enter one’s financial details, the scammers will attempt to access and empty one’s bank account. Another strand of phishing is to attempt to gain username/password combinations – many people use the same login credentials across numerous websites, so by hijacking a Facebook or Yahoo password the attacker may also gain access to e.g. PayPal accounts.
This particular scam popped up like so:
The t.co shortlink actually points to another redirect and another redirect and pops out here: http://n6rawra7tez.tumblr.com/ (you can check the shortlink using a URL Expander). What you get there is the phish – a fake Facebook login that steals the credentials:
As you can see, the page is actually a Tumblr blog, not a Facebook domain. It also doesn’t use https, so you don’t get the secure padlock symbol that you should ALWAYS CHECK FOR WHEN ENTERING CREDENTIALS. One thing I liked about this scam is that if you enter credentials (or nothing, or anything) and click ‘Log in’ you get an innocent looking holiday snap:
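The two checks above (expand the shortlink to see where it really lands, then look at the scheme and the domain of the page asking for your password) can be done mechanically. The script below is an added example, not code from the original post: it follows a redirect chain hop by hop with a loop guard and a hop limit, then checks the final page for https and for whether its host is genuinely under facebook.com rather than merely containing that string. The hop table is constructed here to stand in for the real t.co chain (the t.co URL and the two intermediate hosts are placeholders; only the final Tumblr address is from the post), so it runs offline.

```python
"""Redirect-chain expansion and login-page sanity checks for a suspected phishing link."""
from urllib.parse import urlparse

# Constructed stand-in for a URL expander's view of the chain: each URL maps to
# the Location header its server would answer with (None = final page).
# Only the final Tumblr address is from the post; the rest are placeholders.
SAMPLE_HOPS = {
    "https://t.co/EXAMPLE": "http://redirect-one.example/go",
    "http://redirect-one.example/go": "http://redirect-two.example/go",
    "http://redirect-two.example/go": "http://n6rawra7tez.tumblr.com/",
    "http://n6rawra7tez.tumblr.com/": None,
}


def lookup_sample(url):
    """Offline 'fetch': return the next Location for a URL in the sample table."""
    return SAMPLE_HOPS.get(url)


def expand_chain(start_url, fetch, max_hops=10):
    """Follow redirects from start_url using fetch(url) -> next URL or None.

    Returns (chain, status) where chain lists every URL visited in order and
    status is 'final', 'loop' or 'too_many_hops'. The loop guard and hop limit
    stop a deliberately circular or very long chain from running forever.
    """
    chain = [start_url]
    seen = {start_url}
    for _ in range(max_hops):
        nxt = fetch(chain[-1])
        if nxt is None:
            return chain, "final"
        chain.append(nxt)
        if nxt in seen:
            return chain, "loop"
        seen.add(nxt)
    return chain, "too_many_hops"


def host_is_under(hostname, domain):
    """True if hostname equals domain or is a subdomain of it.

    A plain substring test is not enough: 'facebook.com.evil.example' contains
    'facebook.com' but is not under it, which is exactly the trick look-alike
    phishing hosts rely on.
    """
    hostname = hostname.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return hostname == domain or hostname.endswith("." + domain)


def assess_login_url(url, expected_domain="facebook.com"):
    """Return a list of warnings for a page that asks for credentials."""
    parsed = urlparse(url)
    warnings = []
    if parsed.scheme != "https":
        warnings.append("not https: no padlock, credentials would travel in the clear")
    host = parsed.hostname or ""
    if not host_is_under(host, expected_domain):
        warnings.append(f"host '{host}' is not under {expected_domain}")
    return warnings


def check_link(start_url, fetch=lookup_sample, expected_domain="facebook.com"):
    """Expand a link and assess where it finally lands."""
    chain, status = expand_chain(start_url, fetch)
    return {
        "chain": chain,
        "status": status,
        "final": chain[-1],
        "warnings": assess_login_url(chain[-1], expected_domain),
    }


if __name__ == "__main__":
    result = check_link("https://t.co/EXAMPLE")
    for i, hop in enumerate(result["chain"]):
        print(f"hop {i}: {hop}")
    print("status:", result["status"])
    for w in result["warnings"]:
        print("WARNING:", w)
```

To use it against a live link you would replace `lookup_sample` with a function that sends a HEAD request without following redirects and returns the Location header; the chain logic and the checks stay the same.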
I’m guessing that this helps to prevent people from realising they’ve been phished – they click the link their friend sends them, ‘log in’ with Facebook and then see a picture. They then go about their day while the attacker gets to work trying to find a nefarious use for the stolen credentials.
So that’s how one phishing scam works, but believe me there are many, many more methods being used – the best ones we don’t even know about yet… stay safe and have a nice day.