Security experts at Myki have recently discovered a new phishing campaign that could deceive even most tech-savvy users.
The technique relies upon the concept of being able to reproduce a social login prompt in a very realistic format inside an HTML block.
Crooks are distributing links to blogs and services that display users “login using Facebook account” to read an exclusive article or purchase a discounted product.
The login popup prompt is in HTML and appears very realistic-looking, the status bar, navigation bar, shadows, and content also look exactly like a legitimate login prompt.
When users visit the malicious website, they are prompted to log in with a social account. Once selected a login method, the fake login prompt will be displayed.
The credentials provided by the users are sent to the attacker.
When users click “log in with Facebook” button available on any website, they either get redirected to facebook.com or are served with facebook.com in a new pop-up browser window, asking them to enter their Facebook credentials to authenticate using OAuth and permitting the service to access their profile’s data.
Users can also interact with the fake browser window, drag it where they want or exit it like any legitimate window.
The only way to protect yourself from this type of attack is to actually try to drag the prompt away from the window it is currently displayed in. If dragging it out fails (part of the popup disappears beyond the edge of the window), it’s a definite sign that the popup is fake. concludes the experts.