New Clever Phishing Scam Targeting Facebook Users

Most Facebook users frequently use Facebook on their smartphones. They should now be careful, because security researchers have discovered a new phishing technique that targets smartphone owners (especially Facebook users).

PhishLabs security researchers said that the new attack method relies on the fact that mobile browsers have very small URL address bars, which prevents users from seeing the whole contents of a link. By taking advantage of this, attackers were able to pad URLs with subdomains and hyphens, which makes the URLs seem real on mobile devices, while in reality they take users to the attacker's (scam) site.

PhishLabs also said that the attacker will use something like the following:

http://m.facebook.com----------------validate----step1.rickytaylk[dot]com/sign_in.html

to scam users into thinking that they are visiting the original site and giving away their Facebook credentials to these hackers.

The actual domain of the website above is “rickytaylk.com”, not “m.facebook.com”. Because the mobile browser displays only the first part of the URL, users see only the “m.facebook.com” part, followed by an endless stream of hyphens.

The URL redirection can only take place once you are outside the Facebook app. So avoid logging in to Facebook through your browser, and if you do, check the whole domain.
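Checking the whole domain can be automated. The sketch below is an added example, not code from PhishLabs or the original article: it parses a link, compares what a narrow address bar would show with the domain that actually receives the request, and flags a trusted name used as padding. The `TRUSTED` list, the `BAR_WIDTH` value, the function names and the "last two labels" rule are assumptions made for illustration.

```javascript
// Added example (not from PhishLabs or the original article).
const TRUSTED = ["facebook.com"]; // assumption: brands we want to protect
const BAR_WIDTH = 20;             // assumption: host characters a narrow address bar shows

// Assumption: naive "last two labels" rule. Real code should consult the
// Public Suffix List so that names such as example.co.uk resolve correctly.
function registrableDomain(hostname) {
  return hostname.split(".").slice(-2).join(".");
}

function inspectUrl(rawUrl) {
  // Re-fang "[dot]" only so the string can be parsed; nothing is fetched.
  const { hostname } = new URL(rawUrl.replace(/\[dot\]/gi, "."));
  const actual = registrableDomain(hostname);

  // A trusted name that appears in the host but is not the domain that owns it.
  const impersonated =
    TRUSTED.find((brand) => actual !== brand && hostname.includes(brand)) || null;

  // Longest run of hyphens, the padding that pushes the real domain off screen.
  const runs = hostname.match(/-+/g) || [];
  const longestHyphenRun = Math.max(0, ...runs.map((r) => r.length));

  return {
    shown: hostname.slice(0, BAR_WIDTH), // what the user is likely to see
    actual,                              // where the request really goes
    impersonated,
    longestHyphenRun,
    suspicious: impersonated !== null,
  };
}

// The URL quoted in the article, padding written as ASCII hyphens.
const sample =
  "http://m.facebook.com" + "-".repeat(16) + "validate" + "-".repeat(4) +
  "step1.rickytaylk[dot]com/sign_in.html";

console.log(inspectUrl(sample));
console.log(inspectUrl("https://m.facebook.com/login")); // constructed benign case
```

A mail or web gateway could run the same comparison on links before they reach a mobile user, treating `suspicious` as a reason to block or warn.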
