Wednesday, January 15, 2025
HomePhishingBeware: Innovative Phishing Threat Targeting Facebook Mobile Users

Beware: Innovative Phishing Threat Targeting Facebook Mobile Users

Published on

In the past, we came through a number of Phishing campaigns where the attackers using Valid TLD itself for phishing and the Punycode attack demonstrated by Xudong Zheng.

Now hackers find a new way innovative method to create believable URL’s and targeting mobile users, specifically Facebook users.Security experts from Phishlabs came through this new campaign targeting mobile users.

Security expert Crane Hassold says “Instead of attempting to make genuine looking
URLs, threat actors have begun including genuine, legitimate domains within a
longer URL, and padding it with hyphens to hide the real target“.

For Example

hxxp://m.facebook.com-------------validate----step1.rickytaylk[dot]com/sign_in.html

You can see the URL starts with m.facebook.com but the real destination URL here is rickytaylk.com, not  m.facebook.com.

Innovative Phishing Threat Targeting Facebook Mobile Users
Source: PHISHLABS

You can see the screenshot, where you can see only the m.facebook.com and an endless stream which hides the original target address.This smart addition of the Facebook favicon in the address bar looks like the site is exceptionally genuine.

Lack of attention

Inattentive mobile users easily fall into the trap and give away their valuable credentials to the attackers. Generally, these phishing URL’s are transferred through SMS, Chats, and Emails.

Here you can see some more examples.

hxxp://login.Comcast.net-------account-login-confirm-identity.giftcardisrael[dot]com/      
hxxp://accounts.craigslist.org-securelogin--------------viewmessage.model104[dot]tv/craig2/  
hxxp://offerup.com------------------login-confirm-account.aggly[dot]com/Login%20-%20OfferUp.htm  
hxxp://icloud.com--------------------secureaccount-confirm.saldaodovidro[dot]com.br/

Crane Hassold says “it’s highly likely that this tactic is being distributed via SMS phishing or through the social messenger, rather than email”.

One can easily identify the Phishing URL that sent through email by just hovering our the link, but that is not possible if the URL provided through SMS.

Security researchers said they have spotted more than 50 attacks of this type and has a rapid growth from last March.

Hackers not using this method for credential harvesting alone, they use to send more phishing URL’s via status updates or private messages.

Common Defence’s against phishing

  • We know logically the organizations like Facebook will not send the login URL through SMS. You should think that before opening.
  • Always make sure that you entering Login credentials and Card details on a HTTPS page.
  • Don’t open the attachments that you are not expecting.
  • Hover the URL to find the URL’s Integrity.
  • It is always better to type the URL directly in the address bar.
Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Aembit Announces Speaker Lineup for the Inaugural NHIcon

Aembit, the non-human identity and access management (IAM) company, unveiled the full agenda for...

Sweet Security Introduces Patent-Pending LLM-Powered Detection Engine, Reducing Cloud Detection Noise to 0.04%

Sweet Security, a leader in cloud runtime detection and response, today announced the launch...

ShadowSyndicate Hackers Added RansomHub Ransomware to their Arsenal

ShadowSyndicate is a prolific threat actor that has been active since July 2022, collaborated...

5,000 WordPress Sites Hacked in New WP3.XYZ Malware Attack

Widespread malware campaigns detected by side crawlers exploit vulnerabilities on multiple websites where the...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Hackers Using YouTube Links and Microsoft 365 Themes to Steal Logins

Cybercriminals are executing sophisticated phishing attacks targeting Microsoft 365 users by employing deceptive URLs...

Hackers Targeting Users Who Lodged Complaints On Government portal To Steal Credit Card Data

Fraudsters in the Middle East are exploiting a vulnerability in the government services portal....

Beware! Fake Crowdstrike Recruitment Emails Spread Cryptominer Malware

CrowdStrike, a leader in cybersecurity, uncovered a sophisticated phishing campaign that leverages its recruitment...