Facebook used for phishing attacks and open redirects

Peaches

By Peaches,
in Security Alerts

 Share Followers 0

Recommended Posts

Peaches

Peaches

Posted
Posted
Facebook used for phishing attacks and open redirects

Recently, at Websense Security Labs, we have seen Facebook being used to display phishing pages for different services, as well as to redirect to phishing pages hosted elsewhere.

The first email message appears to come from Facebook Security, and requests that users confirm their account. This is just like other phishing attacks we see every day. The twist here is that the phishing page itself gets loaded from within the Facebook site using an iframe. This makes it look much more legitimate than a site hosted on another domain.

The second message is similar, but there's another URL towards the end. Clicking the link sends the user to www.facebook.com, where a script redirects the user to another Web site that contains the phishing page.

More details plus screenshots here: http://community.websense.com/blogs/securitylabs/

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Followers 0
Go to topic listing