Facebook Hacking “URL Padding” A New Facebook Phishing Technique - Latest Gadgets News

Breaking

Latest Gadgets News

latest Technology News

Ads

Post Top Ad

Post Top Ad

Responsive Ads Here

Sunday, 6 August 2017

Facebook Hacking “URL Padding” A New Facebook Phishing Technique





What is URL Padding phishing?

The notorious hackers have found a new way to fool the users by creating fake and believable URLs. Focused on mobile devices, which have narrow URL bars, the hackers are using real domains within a larger URL. They are padding the larger URL with hyphens to hide the real destination in the address bar.
Let me show you how it’s being done (Courtsey: Phishlabs). For example, take a look at the following URL:
hxxp://m.facebook.com—————-validate—-step9.rickytaylk[dot]com/sign_in.html
You’ll note that while this URL starts with m.facebook.com, which is the legitimate address of your favorite website, the actual domain is rickytaylk(dot)com. Taking this dirty game even a step ahead, the hackers are also using words like login, secure, account, validate, etc. just after the series of hyphens.
Now, if we put this whole URL in a mobile browser’s address bar and add a Facebook logo as rickytaylk(dot)com’s favicon, it’ll look pretty convincing. All that remains is fake Facebook login page to capture username and password.


Fake Facebook login page (Image: Phishlabs)
Fake Facebook login page (Image: Phishlabs)
The hackers are also using similar type of genuine-looking URLs and login pages for iCloud, which reminds me of Fappening leaks, Comcast, Craigslist, etc.

How to save yourself from URL Padding Facebook phishing attack?

As pointed out by the researchers, Facebook accounts are becoming the biggest targets. Also, as compared to desktop, users treat mobile phones differently.
Phishlabs has mentioned the possibility of the propagation of this attack using SMS phishing or social messenger. As people assume that SMS and social media posts are a legitimate source of communication.
The researchers have urged the users to stop for a moment before clicking a link or following instructions. Facebook or any other service won’t send you login links via SMS or other sources. Also, don’t click on links sent to you via unknown people.
You can read more about the URL Padding Facebook phishing attack in this blog post.

No comments:

Post a Comment

Post Top Ad

Responsive Ads Here