
SANS ISC: Facebook Phishing via SMS - SANS Internet Storm Center


Facebook Phishing via SMS

Facebook accounts are still a pretty hot commodity for spreading malware. No ruse works better than having a "Friend" offer you some new software or browser extension. As a result, we keep seeing attempts to phish Facebook credentials. Late last week I came across a simple example of such an attempt that specifically targeted users of mobile devices. Mobile browsers have long been an easier target for phishing: they often do not display the full URL (or any URL) to save limited screen real estate, so many of the cues users look for in desktop browsers are harder to make out in mobile browsers.

This particular attack started with a simple SMS message. This technique has also been called "smishing" (SMS phishing).

The attacker managed to obtain a hostname starting with "facebook." A vigilant user may, however, realize that this is the domain of a Bulgarian University.

Upon clicking on the link, a reasonably well-done copy of the Facebook login page is displayed. Luckily, in this case, the full URL fits into the URL bar.

The attacker went even so far as to do some simple input validation. If random data is entered, an error message is displayed:

If a correctly formed e-mail address is entered, the user is redirected to the actual Facebook login page.
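The hostname trick described above (a legitimate-looking "facebook." label sitting on top of someone else's registrable domain) is something a URL filter or SMS gateway can flag mechanically. The following is an added example written for this diary, not code from the ISC or from the phishing kit; it assumes a deliberately tiny, constructed public-suffix list and brand list in place of the real Public Suffix List and a real brand inventory.

```python
from urllib.parse import urlsplit

# Constructed, minimal stand-in for the Public Suffix List (assumption for
# this example; a real deployment loads the full list).
PUBLIC_SUFFIXES = {"com", "net", "org", "bg", "co.uk", "ac.uk"}

# Brand labels worth flagging when they lead a hostname (constructed subset).
BRAND_LABELS = {"facebook", "fb"}

# Registrable domains the brand actually owns (constructed subset).
LEGIT_DOMAINS = {"facebook.com", "fb.com"}


def registrable_domain(host):
    """Return the registrable domain (eTLD+1) of host, or None if unknown.

    Tries suffixes from longest to shortest so "facebook.uni.ac.uk"
    resolves to "uni.ac.uk" rather than "ac.uk".
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in PUBLIC_SUFFIXES:
            if i == 0:  # the host *is* a public suffix; nothing registrable
                return None
            return ".".join(labels[i - 1:])
    return None


def classify_url(url):
    """Classify a link the way a defender-side filter would.

    "legit"  - registrable domain belongs to the brand
    "brand-subdomain-lookalike" - leading label is a brand name but the
               registrable domain is somebody else's (the diary's case)
    "other"  - ordinary third-party host
    "unknown"- suffix not recognised, so no judgement possible
    """
    if "://" not in url:
        url = "http://" + url  # bare hostnames as they appear in an SMS
    host = (urlsplit(url).hostname or "").lower()
    rd = registrable_domain(host)
    if rd is None:
        return "unknown"
    if rd in LEGIT_DOMAINS:
        return "legit"
    if host.split(".")[0] in BRAND_LABELS:
        return "brand-subdomain-lookalike"
    return "other"
```

The same check is the reason "facebook.<university-domain>" should be treated as a different domain from facebook.com regardless of how the mobile browser truncates the address bar.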


---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute
Twitter|LinkedIn


Johannes (ISC Handler, 3369 posts)
Nice - I'll post it to my FB page - note, you have "queues" where, I believe, you meant "cues". Took me a while, trying to think what queue the FB user would be in ;->
Anonymous
