A Phishing Attack Even the Most Aware Can Fall For
Threat Level: 3
It seems to be getting harder and harder to tell whether a website is fake. So what are you supposed to do if a website asks for your credentials? Do you trust it? Even webpages that are commonly used and known to be safe can be duplicated as fake pages and, in turn, pose a threat.
According to Antoine Vincent Jebara, co-founder and CEO of the password management software Myki, his team spotted a new phishing campaign that is tough to recognize as dangerous. It is not uncommon to come across a screen that asks you to “login using Facebook account” before you can view, or are redirected to, another page. Typically, this is a safe method and is used by many websites to make it easier for visitors to sign up for a third-party service.
However, the team found cybercriminals distributing links to blogs and other services whose pages prompt visitors to “login using Facebook account.” These fake blogs and online services are made to look like the real websites, but are duplicates that capture users’ credentials. It is extremely difficult to tell that they are fake, because the prompt looks like a real browser window, including a status bar and navigation bar. It also includes a URL to the Facebook website with a green padlock, which would indicate valid HTTPS.
Of course, it is very difficult to protect yourself from a phishing attack like this one. However, according to Antoine Vincent Jebara, there is a fairly simple way to handle it.
He advises users to simply “try to drag the prompt away from the window it is currently displayed in. If dragging it out fails (part of the popup disappears beyond the edge of the window), it’s a definite sign that the popup is fake.”
It is also recommended to enable two-factor authentication, which would prevent hackers from accessing your private information.
Phishing schemes continue to be one of the most dangerous threats out there, especially since hackers are constantly thinking of new and creative ways to get your information. The more aware you are, the better chance you have of not falling victim to these schemes. Remember, just because a website asks for your credentials doesn’t mean you have to hand them over.