Facebook phishing trick

You can be phished even when you see “facebook.com” in the address bar

Last month, I showed you how hackers used “puny codes” to phish you. Today, I will show you another trick they are using to deceive you.

Let’s say you decide to log into a website via Facebook. You see a web-browser window pop up with “facebook.com” in the address bar, along with the padlock. You are using Chrome or Safari, so you can be sure it is not using puny codes to hoodwink you. It can’t be yet another trick, right?

Unfortunately, this is yet another deception. The video below explains how:

What happened was that the pop-up window was actually not a web-browser window. It was a realistic render of a web-browser window within the web page.

The video showed you how to detect this trick: drag the ‘window’ around the web page and check whether portions of it disappear when you drag it beyond the edge of the page. But realistically speaking, you cannot expect every user to remember to do this every time.

Fortunately, if you use a password manager that auto-fills passwords for you (e.g. LastPass), you will be automatically protected from this trick. The password manager checks the address of the page that is actually loaded, not the address bar drawn inside it, so it will recognise that you are not on “facebook.com” and will refuse to auto-fill your Facebook password. When that happens, you will smell a rat.

This is yet another reason why I advised you to use a password manager. As I explained before, if you do not use one, you will eventually be hacked.
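
To see why the fake window cannot fool a password manager, here is an added sketch (not code from this post or from any real password manager) of the kind of check involved. The function names, the sample pages and the simplified matching rule are assumptions made for illustration; the point is that the decision uses only the address the browser really loaded and never looks at what the page draws.

```javascript
// Added example: simplified host check. Function and sample names are
// hypothetical; real password managers apply more rules than this.

// May a credential saved for `savedHost` be filled into the document
// that was actually loaded from `pageUrl`?
function shouldAutofill(savedHost, pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return false; // unparsable address: never fill
  }
  if (url.protocol !== "https:") return false; // never fill over plain HTTP
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const saved = savedHost.toLowerCase();
  // Exact host, or a subdomain split on a label boundary.
  return host === saved || host.endsWith("." + saved);
}

// Constructed sample pages. `drawnAddressBar` is text the page paints
// inside its own fake window; the check never reads it.
const samplePages = [
  { name: "real login", pageUrl: "https://www.facebook.com/login.php",
    drawnAddressBar: null },
  { name: "fake window drawn in page", pageUrl: "https://quiz-site.example/start",
    drawnAddressBar: "https://www.facebook.com/login.php" },
  { name: "lookalike prefix", pageUrl: "https://facebook.com.signin.example/",
    drawnAddressBar: null },
  // \u0430 is Cyrillic "а"; URL parsing turns the host into Punycode.
  { name: "puny code lookalike", pageUrl: "https://f\u0430cebook.com/",
    drawnAddressBar: null },
];

// Returns { pageName: true|false } for a credential saved for facebook.com.
function autofillDecisions(pages = samplePages) {
  const out = {};
  for (const p of pages) out[p.name] = shouldAutofill("facebook.com", p.pageUrl);
  return out;
}

console.log(autofillDecisions());
```

Only the real login page gets the password; the fake window, the lookalike prefix and the puny code lookalike are all refused.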

