
Facebook phishing: Can you spot the difference?

04 Jun

Craft is a good word, but it can be at its worst when used for a selfish and wicked motive. What have we here? A Facebook page on a fake URL, whoah!!! I am tempted to believe that the cyber laws are actually disabled. I wish they could at least be in invisible mode; that would be better. This is from Graham Cluley of Sophos Naked Security on June 3, 2011, where he said:

We’ve seen some messages being spread on Facebook in the last day or so, claiming to link to a video of Barack Obama. Most of them appear to have been cleaned up by now (presumably by Facebook Security) but there are still some remnants lying around.

Here’s a typical message:

Facebook phishing message

hello have you seen this recent video on the president? What is he doing in it?! LOL

or

What's the president doing in this video. OMG LOL!

Some versions of the message give away that the link will ultimately take you to a website ending with .co.cc. Almost all of the links we see in SophosLabs which end with “.co.cc” contain “bad stuff”. Perhaps it would be simplest if everyone simply avoided .co.cc links (and close cousins such as .cz.cc) as they are tainted by association.

And what sort of name is hzjqorbbmdnf anyway?

Regardless of the dodgy-looking nature of the link – what happens if you click on it?

Well, you will be redirected to what appears on first glance to be a Facebook login page. However, in reality, it’s a phishing page designed to steal email addresses and passwords from users who are so keen to see a video of their president that they’ll type in their credentials without thinking.

Here’s the fake login page:

The fake Facebook login page

And here’s Facebook’s genuine login page:

The real Facebook login page

Did you spot all the differences?

Here are the ones I found – well done if you spotted even more!

Differences

Starting at the very top –

1. The genuine login page calls itself “Log in” in its title bar. Amusingly, the real Facebook is inconsistent as to whether you “Log in” or “Login” to Facebook as later in the page it refers to “Facebook Login”. It’s odd to see a phishing page be more professional than the real thing.

2. That’s clearly not Facebook’s genuine URL. Interestingly, other pages on the domain contain clickjacking scams.

3. The real page gives me more language options – including UK English and Welsh which aren’t available on the phishing page. It’s possible that the real Facebook is doing some GEO-IP lookups and determined that I’m visiting from the UK – maybe users in other countries don’t see those options.

4. The phishers have the copyright date incorrect, believing it to be 2010 rather than 2011.

5. There are many more link options made available to me in the footer of the real login page, including “Badges”, “Mobile”, “People”, etc.

There are bound to be more differences than the ones I spotted, though. So, leave a comment below if you find any more.

If you’re on Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.

Update: Wow! I can always rely on the eagle-eyed Naked Security readers who spotted some other differences.

More differences

My advice: do not just rush to fill out forms with your login information. Look at the address bar; if you see https://www.facebook.com, that is where you enter your username and password. Anything besides those exact letters, punctuation and order, DO NOT enter your info.

Posted by on June 4, 2011 in Information Security
