Date:19/06/17
New Phishing Tactic Targeting Facebook Users Relies on Padding URLs with Hyphens
Security researchers from PhishLabs have come across a new phishing trend that's targeting mobile device owners exclusively, with "the highest proportion of attacks" aimed at Facebook users. This new tactic relies on the fact that mobile browsers have very narrow URL address bars, which prevents users from viewing the entire contents of a link. Phishers are taking advantage of this UI inconvenience to pad URLs with subdomains and hyphens, making some links look authentic on mobile devices.
For example, take the following URL, seen by PhishLabs experts in real-world attacks.
hxxp://m.facebook.com----------------validate----step1.rickytaylk[dot]com/sign_in.html
The real domain of this website is rickytaylk.com, and not "m.facebook.com". Because a mobile browser will show only the first part of the URL, users will see only the "m.facebook.com" section, followed by an endless stream of hyphens.
Inattentive users will be fooled to think they're on the mobile login page of the real Facebook and give away their credentials to these crooks.
PhishLabs experts say that in most cases, attackers use these credentials to spam a user's friends, and also send their phishing pages to other users, spreading the infection to others.
Most phishing attacks using this technique have targeted Facebook users. Experts say they've seen this same tactic also deployed against services such as Apple iCloud, Comcast, Craigslist, and OfferUp.
hxxp://login.Comcast.net-------account-login-confirm-identity.giftcardisrael[dot]com/
hxxp://accounts.craigslist.org-securelogin--------------viewmessage.model104[dot]tv/craig2/
hxxp://offerup.com------------------login-confirm-account.aggly[dot]com/Login%20-%20OfferUp.htm
hxxp://icloud.com--------------------secureaccount-confirm.saldaodovidro[dot]com.br/
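The defanged URLs above all share the same shape: a trusted brand name in the left-most labels, a long run of hyphens, and the attacker's real registered domain just before the path. The following Python script is an added example written for this article, not code from PhishLabs or the article's author; it refangs the quoted URLs, extracts the registrable domain with a deliberately small suffix list (a real deployment would use the full Public Suffix List, which is an assumption here), and flags a hostname when a watched brand appears only in the subdomain part or when the hyphen run is unusually long. The brand list and thresholds are constructed for illustration.

```python
"""Heuristic detector for hyphen-padded phishing hostnames (added example)."""
import re
from urllib.parse import urlsplit

# Constructed sample set: the defanged URLs quoted in the article plus one
# benign control URL that a naive "brand in hostname" rule would misfire on.
SAMPLE_URLS = [
    "hxxp://m.facebook.com----------------validate----step1.rickytaylk[dot]com/sign_in.html",
    "hxxp://login.Comcast.net-------account-login-confirm-identity.giftcardisrael[dot]com/",
    "hxxp://accounts.craigslist.org-securelogin--------------viewmessage.model104[dot]tv/craig2/",
    "hxxp://offerup.com------------------login-confirm-account.aggly[dot]com/Login%20-%20OfferUp.htm",
    "hxxp://icloud.com--------------------secureaccount-confirm.saldaodovidro[dot]com.br/",
    "https://m.facebook.com/login.php",  # constructed benign control
]

# Brands the article says were impersonated (assumption: a defender keeps a
# larger list of the brands they actually protect).
WATCHED_BRANDS = ("facebook", "comcast", "craigslist", "offerup", "icloud")

# Suffixes needed for the sample only; the full Public Suffix List should be
# used in practice (assumption, not a complete list).
KNOWN_SUFFIXES = ("com.br", "com", "net", "org", "tv")

# A padding run this long has no legitimate reason to exist in a hostname
# (threshold chosen for illustration).
HYPHEN_RUN_THRESHOLD = 6


def refang(url):
    """Turn the defanged notation used in the article (hxxp, [dot]) back into a parseable URL."""
    return url.replace("hxxp", "http").replace("[dot]", ".")


def registrable_domain(host):
    """Return the registered domain, e.g. 'rickytaylk.com', using KNOWN_SUFFIXES.

    Longest suffix is tried first so 'com.br' wins over 'com'.
    """
    labels = host.lower().split(".")
    for suffix in sorted(KNOWN_SUFFIXES, key=len, reverse=True):
        suffix_labels = suffix.split(".")
        if len(labels) > len(suffix_labels) and labels[-len(suffix_labels):] == suffix_labels:
            return ".".join(labels[-(len(suffix_labels) + 1):])
    return host.lower()


def analyse(url):
    """Describe one URL: real domain, padding length, and any brand used as bait."""
    host = urlsplit(refang(url)).hostname or ""  # .hostname is already lowercased
    reg = registrable_domain(host)
    # Everything left of the registrable domain is attacker-controlled subdomain text.
    subdomain = host[: len(host) - len(reg)].rstrip(".") if host != reg else ""
    runs = re.findall(r"-+", host)
    max_run = max((len(r) for r in runs), default=0)
    # A brand is being spoofed when it appears in the subdomain labels but is
    # absent from the domain the visitor is really talking to.
    spoofed = next((b for b in WATCHED_BRANDS if b in subdomain and b not in reg), None)
    return {
        "host": host,
        "registrable_domain": reg,
        "subdomain": subdomain,
        "max_hyphen_run": max_run,
        "spoofed_brand": spoofed,
        "suspicious": spoofed is not None or max_run >= HYPHEN_RUN_THRESHOLD,
    }


def flagged_domains(urls):
    """Registered domains a blocklist or SMS filter would want, sorted and de-duplicated."""
    return sorted({r["registrable_domain"] for r in map(analyse, urls) if r["suspicious"]})


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        r = analyse(u)
        print(f"{'SUSPICIOUS' if r['suspicious'] else 'ok        '} "
              f"real={r['registrable_domain']} bait={r['spoofed_brand']} run={r['max_hyphen_run']}")
```

The important design choice is to compare the brand against the registrable domain rather than against the whole hostname: the legitimate `m.facebook.com` control passes because "facebook" is part of its registered domain, while every padded sample is flagged because the brand sits in attacker-controlled subdomain labels. The hyphen-run check catches padding even when the bait brand is not on the watch list.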
Crane Hassold, the expert who detailed this tactic this week, says that one of the reasons that makes this phishing attack very effective is that users can't hover links on mobile devices, so they are not capable of determining if a link is safe or not before tapping on it.
"Until you visit the site, you have no way of knowing whether it’s legitimate," Hassold says. "And, as we’ve already seen, once you’re there [on the site] the URL padding approach is highly effective at obscuring the site’s real domain."
Hassold says that many of these phishing links using URL padding have been sent via SMS. While some mobile browsers and IM applications allow you to tap and hold your finger over a link to reveal its full URL, most SMS applications do not come with this feature.
Also this week, researchers from PhishMe have come across another novel phishing technique. This one targets PayPal users and involves the phisher asking the user to upload a selfie of himself holding his ID card.
©ictnews.az. All rights reserved.