contador web Saltar al contenido

Facebook phishing scam tries to steal login and password; know how to avoid | Security

A phishing scam used on real Facebook pages to steal users' login and password data. The strategy involves a fake email, capable of deceiving even the most attentive, with a link to a malicious application hosted on the social network.

Since the electronic address leads the recipient to the Mark Zuckerberg platform, it is easy to fall into the attack. The trap was discovered by Justin Gordon, developing web programming technologies for the Internet, last Wednesday (4).

Homographic attack: trick in the URL deceives users with fake pages

Phishing attack can fool even experienced users Photo: Divulgao / AVGPhishing attack can fool even experienced users Photo: Divulgao / AVG

Phishing attack can fool even experienced users Photo: Divulgao / AVG

In his personal blog on Medium, Gordon told about the episode that almost led him to hand over login details to criminals. The developer presented the content of the e-mail, which warned of an alleged copyright infringement on the author's page.

Written without the grammar and spelling mistakes common in attacks of this type, the message had a link to take the user directly to a real Facebook page, a fact that contributed to the sense of legitimacy of the warning.

The shortcut actually directs the victim to a malicious app hosted on Facebook. Using a form, the page asked for login data, such as email and password, from the social network. However, the developer realized something was wrong: it made no sense for Facebook to ask for this data out of context. This prompted Gordon to examine the attack email and material more carefully.

Fake email leads the victim to a real Facebook page that requests user data and password Photo: Reproduction / Justin GordonFake email leads the victim to a real Facebook page that requests user data and password Photo: Reproduction / Justin Gordon

Fake email leads the victim to a real Facebook page that requests user data and password Photo: Reproduction / Justin Gordon

The check was enough for him to identify a number of details that denounce the coup. The sender address of the message [email protected], without "e" in the platform name. In a second reading, he encountered errors in spelling and grammar, which highlighted his intention.

How to avoid falling into phishing attacks?

Example of homographic attack: note that the address, with "rn" looks a lot like the original Photo: Reproduo / ESETExample of homographic attack: note that the address, with "rn" looks a lot like the original Photo: Reproduo / ESET

Example of homographic attack: note that the address, with "rn" looks a lot like the original Photo: Reproduo / ESET

Phishing, from English, is a term referring to the idea of ??fishing for victims. The scam uses a strategy to "hook" inattentive users even tech experts like Justin Gordon are susceptible to.

The first rule to avoid the disorder is to be careful with alarmist messages, with warnings about loss of access to Internet services. It is also necessary to be wary of messages offering premiums, discounts and amazing benefits in stores, services and various applications.

Another tip is to check the sender's email address and examine the links presented in the message. A recent attack caused victims to access "www.rnercadolivre.com" with RN (in lower case) instead of "M. Called a homographic coup, this type of strategy aims to deceive the user with fake addresses, similar to those on real pages, from the use of other letters or the duplication of them, for example.