Posted by TechGeek on September 20, 2011
Phishing is an act of tricking someone into providing their confidential information such as usernames, passwords and other sensitive information. Generally, phishing is carried out via e-mail messages or on websites which claims to be a legitimate site. Attackers use popular social sites such as Facebook or MySpace to create similar looking pages on fake domains they created.
They will send emails to victims asking them to log on to the site and update account information. If you don’t look out closely the domain name used in the address bar, you will likely to send your sensitive personal information to the attacker. We are seeing so many fake domains and pages being used to carry out phishing attacks using Facebook pages. Here is one of the live examples,
Look at the highlighted address bar in the above image. The address is different than real Facebook which points to “http://www.faceworldverified.com/update/index15.php”. This is fake site created to fool victims in order to gain or steal personal information like email and password. Once victim enters his/her information like Facebook email and password, this site will steal your information and send it to remote server which is under attacker’s control. The above site then immediately sends victim to Facebook application page “http://apps.facebook.com/videos/video.php?logged=true”.
For testing we used firstname.lastname@example.org as an email and testhacker as a password. Once we enter this information, here is the HTTP GET request which sends login information to the remote server and immediately redirects victim to the Facebook application. Here is the GET request, You can clearly see email and password being sent in the above request. Remember 3 things,
1) Never click on any suspicious or unknown links send in the Email.
2) Always check domain address in the address bar of your browser before entering any information
3) Do some Google search if you came across any suspicious Phishing site and report it Google.
Stay away from phishing and spread this to your friends and family. Become a fan on our Facebook page to get valuable information.