How phishing works?
In simple words, Phishing is a process of creating a duplicate copy of a reputed website’s page in the intention of stealing user’s password or other sensitive information like credit card details.
In our topic, Creating a page which perfectly looks like Facebook login page but in a different URL like fakebook.com or faecbook.com or any URL which pretends to be legit. When a user lands on such a page, he/she might think that is real Facebook login page and asking them to provide their username and password. So the people who do not find phishing page suspicious might enter their username, password and the user information would be sent to the hacker who created the phishing page, simultaneously the victim would get redirected to original FB page.
Example: John is a programmer, he creates a FB login page with some scripts that enable him to get the username and password information. John put this fake login page in https://www.facebouk.com/make-money-online-tricks. Peter is a friend of John. John sends a message to Peter “Hey Peter, I found a free trick to make money online easily, you should definitely take a look at this https://www.facebouk.com/make-money-online-tricks-free”. Peter navigate to the link and see a Facebook login page. As usual Peter enters his username and password of FB. Now the username and password of Peter was sent to John and Peter get redirected to a money making tips page https://www.facebouk.com/make-money-online-tricks-tips-free.html. That’s all & now Peter’s Facebook account has been successfully hacked!
How could you protect yourself from online FB phishing?
Hackers can reach you in many ways like email, personal messages, FB messages, Website ads etc. Clicking any links from these messages would lead you to a Facebook login page. Whenever you find a FB login page, you should note only one thing which is URL because nobody can spoof / use Facebook URL except when there are some XSS zero day vulnerabilities but that’s very rare.
1. What is the URL you see in browser address bar?
2. Is that really https://www.facebook.com/ (Trailing slash is important since it is the only separator in Google chrome to distinguish domain and sub domain. Check out the below examples to know the difference)?
3. Is there a Green colour secure symbol (HTTPS) provided in the address bar?
Keeping these questions in your mind would prevent you from getting hacked of online phishing pages. Also see the below examples of phishing pages.
Some super perfect phishing pages are listed below.
Facebook Phishing Page – Note the misleading URL
Most of the people won’t suspect this page (snapshot given above) since there is https prefix with green colour secure icon and no mistake in www.facebook.com. But this is a phishing page, how? Note the URL correctly. It is https://www.facebook.com. infoknown.com so www.facebook.com is a subdomain of infoknown.com. Google Chrome do not differentiate the sub-domain and domain unlike Firefox do.
SSL Certificates (HTTPS) can be obtained from many online vendors, few vendors give SSL Certificate for Free for 1 year. Its not a big deal for a novice to create a perfect phishing page like this. So be aware of it.
Facebook Phishing Page – Note the misleading URL.
This is a normal FB Phishing page with some modification in the word Facebook.