Skip to main content

A New Facebook Phishing Technique Named “URL Padding” Is Here To Steal Your Password


FACEBOOK PHISHING URL PADDING
The security researchers at PhishLabs have uncovered a new type of Facebook phishing attack that uses the URL Padding technique. The tactic targets the mobile users and fools them by making the deceptive links look authentic. As a result, casual users end up
visiting the web page and leaking their login credentials.
As we continue to spend more and more hours online, we must up our security game and make sure that we don’t end up losing our data and credentials. However, the reality is grim. Be it the rising threat of ransomware or increasing data theft, the irresponsible security practices of the users are responsible to a great extent.
By exploiting the inattentiveness of the users, a new kind of phishing attack is expanding its web to target Facebook users. So, let’s tell you about this attack in detail.

What is URL Padding phishing?

The notorious hackers have found a new way to fool the users by creating fake and believable URLs. Focused on mobile devices, which have narrow URL bars, the hackers are using real domains within a larger URL. They are padding the larger URL with hyphens to hide the real destination in the address bar.
Let me show you how it’s being done (Courtsey: Phishlabs). For example, take a look at the following URL:
hxxp://m.facebook.com—————-validate—-step9.rickytaylk[dot]com/sign_in.html
You’ll note that while this URL starts with m.facebook.com, which is the legitimate address of your favorite website, the actual domain is rickytaylk(dot)com. Taking this dirty game even a step ahead, the hackers are also using words like login, secure, account, validate, etc. just after the series of hyphens.
Now, if we put this whole URL in a mobile browser’s address bar and add a Facebook logo as rickytaylk(dot)com’s favicon, it’ll look pretty convincing. All that remains is fake Facebook login page to capture username and password.

Fake Facebook login page (Image: Phishlabs)
Fake Facebook login page (Image: Phishlabs)

The hackers are also using similar type of genuine-looking URLs and login pages for iCloud, which reminds me of Fappening leaks, Comcast, Craigslist, etc.

How to save yourself from URL Padding Facebook phishing attack?

As pointed out by the researchers, Facebook accounts are becoming the biggest targets. Also, as compared to desktop, users treat mobile phones differently.
Phishlabs has mentioned the possibility of the propagation of this attack using SMS phishing or social messenger. As people assume that SMS and social media posts are a legitimate source of communication.
The researchers have urged the users to stop for a moment before clicking a link or following instructions. Facebook or any other service won’t send you login links via SMS or other sources. Also, don’t click on links sent to you via unknown people.
You can read more about the URL Padding Facebook phishing attack in this blog post.

Comments

WHAT'S HOT

Fappening 2.0 Continues: Modern Family Actress Sarah Hyland Has Become The Latest Victim Of Notorious Hackers [Private Photos, Video Leaked]

Modern Family actress Sarah Hyland has become the latest victim of notorious hackers. Her private pictures and video have been posted online on infamous website Celeb Jihad. According to media sources, Sarah’s lawyers are planning to take legal action against the websites who choose to publish the leaked material. Meanwhile, the actual powers behind the leak are unknown.

Fedora 26 Released with Biggest Features - Download Here

Fedora 26 is the latest version of Fedora operating system. This version ships with the default GNOME 3.24 desktop environment andLinux kernel 4.11.8. Fedora 26 also marks the release of a new spin in the form of LXQt desktop edition. The other major change is the Fedora

Supermassive Black Holes Found Orbiting Each Other For The First Time

Image Credit: UCR Researchers from Stanford University have identified super-massive binary black holes at the center of Galaxy 0402+379 about 750 billion light years away. The two of the black holes are just 24 light years apart and one of them is orbiting the other. This is the first

Samsung Overtakes Fitbit In Wearable Sales For First Time

Fitbit has been a top competitor on the global wearable market for a long time, but the South Korea giant Samsung managed to steal the silver crown of the wearable market from Fitbit. According to Strategy Analytics, Samsung gained the