Skip to main content

A New Facebook Phishing Technique Named “URL Padding” Is Here To Steal Your Password


FACEBOOK PHISHING URL PADDING
The security researchers at PhishLabs have uncovered a new type of Facebook phishing attack that uses the URL Padding technique. The tactic targets the mobile users and fools them by making the deceptive links look authentic. As a result, casual users end up
visiting the web page and leaking their login credentials.
As we continue to spend more and more hours online, we must up our security game and make sure that we don’t end up losing our data and credentials. However, the reality is grim. Be it the rising threat of ransomware or increasing data theft, the irresponsible security practices of the users are responsible to a great extent.
By exploiting the inattentiveness of the users, a new kind of phishing attack is expanding its web to target Facebook users. So, let’s tell you about this attack in detail.

What is URL Padding phishing?

The notorious hackers have found a new way to fool the users by creating fake and believable URLs. Focused on mobile devices, which have narrow URL bars, the hackers are using real domains within a larger URL. They are padding the larger URL with hyphens to hide the real destination in the address bar.
Let me show you how it’s being done (Courtsey: Phishlabs). For example, take a look at the following URL:
hxxp://m.facebook.com—————-validate—-step9.rickytaylk[dot]com/sign_in.html
You’ll note that while this URL starts with m.facebook.com, which is the legitimate address of your favorite website, the actual domain is rickytaylk(dot)com. Taking this dirty game even a step ahead, the hackers are also using words like login, secure, account, validate, etc. just after the series of hyphens.
Now, if we put this whole URL in a mobile browser’s address bar and add a Facebook logo as rickytaylk(dot)com’s favicon, it’ll look pretty convincing. All that remains is fake Facebook login page to capture username and password.

Fake Facebook login page (Image: Phishlabs)
Fake Facebook login page (Image: Phishlabs)

The hackers are also using similar type of genuine-looking URLs and login pages for iCloud, which reminds me of Fappening leaks, Comcast, Craigslist, etc.

How to save yourself from URL Padding Facebook phishing attack?

As pointed out by the researchers, Facebook accounts are becoming the biggest targets. Also, as compared to desktop, users treat mobile phones differently.
Phishlabs has mentioned the possibility of the propagation of this attack using SMS phishing or social messenger. As people assume that SMS and social media posts are a legitimate source of communication.
The researchers have urged the users to stop for a moment before clicking a link or following instructions. Facebook or any other service won’t send you login links via SMS or other sources. Also, don’t click on links sent to you via unknown people.
You can read more about the URL Padding Facebook phishing attack in this blog post.

Comments

WHAT'S HOT

Learn How To Download Videos From Popular Platforms Such As YouTube, Facebook, Twitter, Instagram And Any Others

Having trouble downloading that video your crush shared on Instagram or one of those adorable cat videos on YouTube? Refer our guide to learn how to download videos from popular platforms such as YouTube, Facebook, Twitter, Instagram and many others.

Microsoft Has Released The First Windows 10 Build 16353 For Insiders

As Fall Creators Update is nearing its release, Skip Ahead was announced last month. It enables fast ring users to continue receiving new features, though the RS_PRERELEASE

The First Ubuntu 17.10 Beta Release Is Finally Here-Download 7 Different Flavors Here

Following the tradition, the first Beta release hasn’t witnessed the participation of default Ubuntu release, which will now ship with GNOME desktop environment. This brings us to the

Windows 10 Showing Black Screen After Login- Here's How To Fix It

Redditor kek4dayz has posted about a Windows 10 black screen that appears after he logs-in to his account. It takes around 10 minutes for the desktop to show up. The said black screen was nowhere to be seen on his HP Omen laptop until he updated his system.