The Evolving Face of Phishing
New phishing scams show that cybercriminals are getting wiser about how they try to steal your login information.
Phishing scams come in all shapes and sizes. Some hook you through fake emails, while others get you through fake websites. However, they all have the same final goal: to steal your personal information to use or sell at a later date.
While many of us have become more sophisticated internet users, able to spot a classic phishing attempt a mile away, that hasn’t stopped cybercriminals from trying.
In response, malicious hacker groups have upped their game, creating elaborate phishing ploys that can fool even the most watchful among us.
A recently discovered attack showed just how advanced these attempts have become.
Here’s how this type of attack works:
- An unsuspecting user is sent to a website that looks exactly like a legitimate one.
- They are then prompted to log into Facebook before they can proceed further.
- A prompt that looks exactly like a legitimate prompt to open Facebook appears, causing the visitor to click “open”.
- A quick video of Safari tabs changing is shown, fooling the user into believing that they are really entering Facebook.
- Entering login details on this fake Facebook page then compromises the user’s account.
As you can see, there have been elaborate steps taken to deceive the user, and many of these are hard to notice.
If you’re being asked to enter your Facebook credentials, take some steps to ensure that you’re not being taken for a ride:
- Always have 2FA enabled. If the login doesn’t trigger a 2FA prompt on your second device, then you’ve likely been compromised.
- Check the URLs of any page that asks for login credentials.
- Use different passwords or passphrases for all of your accounts, so that one compromised password doesn’t completely expose you.
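The URL check from the list above can be made mechanical. The sketch below is an added example, not code from the original article. It assumes facebook.com is the site you expect to log into, and every other hostname in it is constructed for illustration.

```javascript
// Added example: decide whether a login page's address really belongs to the
// site you expect. TRUSTED_LOGIN_DOMAINS and checkLoginUrl are hypothetical names.
const TRUSTED_LOGIN_DOMAINS = ["facebook.com"]; // assumption: the expected site

function checkLoginUrl(rawUrl, trusted = TRUSTED_LOGIN_DOMAINS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  // Credentials should only ever travel over HTTPS.
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // "https://facebook.com@other.example/" puts the familiar name in the
  // userinfo part; the real host is whatever follows the "@".
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before '@' hides the real host" };
  }
  // Drop a trailing dot so "facebook.com." compares equal to "facebook.com".
  const host = url.hostname.replace(/\.$/, "");
  // The URL parser converts non-ASCII hostnames to punycode ("xn--..."),
  // which exposes lookalike characters the eye would miss.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode label, possible lookalike characters" };
  }
  // Accept the trusted domain itself or a true subdomain of it. Comparing the
  // end of the host with a leading dot rejects "facebook.com.other.example"
  // and "notfacebook.com".
  const match = trusted.some((d) => host === d || host.endsWith("." + d));
  return match
    ? { ok: true, reason: "host " + host + " is trusted" }
    : { ok: false, reason: "host " + host + " is not a trusted domain" };
}

// Constructed sample addresses, not taken from any real campaign.
const samples = [
  "https://www.facebook.com/login.php",
  "https://www.facebook.com.login.example/",
  "https://facebook.com@login.example/",
  "http://www.facebook.com/login.php",
];
for (const s of samples) console.log(s, "->", checkLoginUrl(s).reason);
```

The check is only meaningful when it is applied to the address in the browser's real address bar, not to an address drawn inside the page itself.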