Recently, the security researchers at PhishLabs has discovered a new type of severe Facebook phishing attack that looks like legitimate and simply uses the URL Padding technique.
This New Phishing Attack Can Easily Steal Your Facebook Password
If you are a user of social networks, then beware, because a new phishing attack has been detected that is intended to steal your Facebook credentials. Be very careful and do not sting!
Security firm PhishLabs has been in charge of giving the alarm. According to their report, cybercriminals are using fake URLs targeted at users accessing the social network through their mobile devices. Attackers use the small size of the address bar of browsers for the smartphone, so they create fraudulent addresses that may seem a priori legitimate.
The researchers point out as an example of this type of phishing technique a URL like the following:
Hxxp: //m.facebook.com—————-validate—-step1.rickytaylk [dot] com / sign_in.html
As you can see, the principle of address may seem legitimate to the naked eye, since the user can only see the dashes in the browser bar of the mobile phone. However, it really does not address Facebook, it is a fake page that perfectly replicates the design of the social network.
In this way, victims who access this fraudulent link, which may have been sent via email or instant messaging services, believe that they are on the social network website and enter their username and password in the respective Fields on the home page. By doing so, your Facebook credentials are stored on the attackers’ server, which can be used for malicious purposes.
To avoid being a victim of this new phishing technique, always check the complete address of the links you receive, especially on your mobile phone. If you have doubts about the legitimacy of the links that lead to social networks, it is preferable to access from the app for your smartphone or manually type the URL in your browser.
So, what do you think about this new phishing technique? Simply share your views and thoughts in the comment section below.