A "very realistic-looking" login prompt is designed to capture users' Facebook credentials, researchers report.
A recently spotted phishing campaign is seemingly intended to steal victims' Facebook login credentials with a fake pop-up prompt designed to look like a legitimate login portal.
Researchers with Myki, a password management company, were alerted to the threat when users complained the tool wasn't auto-completing passwords on popular websites as usual. Upon investigation, the researchers began to think users were being deceived via malicious websites.
"The attack is based on the concept of being able to reproduce a social login prompt in a very realistic format inside an HTML block," says Myki co-founder and CEO Antoine Vincent Jebara. The status bar, navigation bar, shadows, and content are reproduced to look like a real prompt.
When victims visit a malicious site, they are asked to authenticate using a social media account – in this case, Facebook. When they choose a login method, the site displays a fake login prompt. Users who fill in their credentials will automatically send their information to attackers.
Jebara recommends a quick check to test for fraudulent pop-up windows: Try to drag the pop-up away from the window it is displayed in, he advises. If dragging it out fails and part of the pop-up disappears beyond the edge of the window, it's a sign the pop-up is fake.
Read more details here.
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.
About the Author(s)
You May Also Like
Unleash the Power of Gen AI for Application Development, Securely
March 19, 2024The Anatomy of a Ransomware Attack, Revealed
March 20, 2024How To Optimize and Accelerate Cybersecurity Initiatives for Your Business
March 26, 2024Building a Modern Endpoint Strategy for 2024 and Beyond
March 27, 2024Building a Modern Endpoint Strategy for 2024 and Beyond
March 27, 2024