Facebook’s 1.65 Billion Users Targeted by Phishing Scam

This week Facebook announced it has reached 1.65 billion users. At the same time, a new phishing scam has been discovered that targets Facebook users and attempts to steal their login credentials. Th...
Blog rating:1.8 out of5 with9 ratings

Facebook’s 1.65 Billion Users Targeted by Phishing Scam

by NewsEditor_ on April 28th, 2016 in Industry and Security News.

This week Facebook announced it has reached 1.65 billion users. At the same time, a new phishing scam has been discovered that targets Facebook users and attempts to steal their login credentials. The scam inserts a fake website window known as an iframe inside the real Facebook site, prompting users to re-enter their username and password under the guise of a “Facebook Page Verification.” 

An iframe is a document embedded inside a website which can insert contents from another online source. According to researchers at NetCraft, the source of this iframe is outside of Facebook, allowing attackers to collect user information through the fake form. Phishing scams involve cybercriminals who attempt to acquire sensitive information by posing as a trustworthy entity such as a social network. While there has been no mention of how users are being directed to this fake page within Facebook, the likely source would be through email links or through links sent by compromised Facebook accounts. 

The information targeted in this phishing attack includes the user’s email, phone number, password, security question and answer used to log in to a Facebook account. In addition to embedding a very convincing Facebook-style prompt within Facebook’s own pages, this phishing attack forces users to enter their information twice, giving them an error message the first time they enter their credentials. This ensures that if users suspect a phishing attempt and enter fake credentials, they’ll be reassured the prompt is legitimate. Additionally, this lets the cybercriminals verify the stolen credentials by forcing users to provide them twice. According to security researchers at NetCraft, “This phishing attack works regardless of whether the victim is already logged in, so there is little chance of a victim being suspicious of being asked to log in twice in immediate succession."

Average: 1.8 (9 votes)

Facebook Comments Box

x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now