Phishing sites found a new method of cheating (video)

Internet security is one of the mostmain factors for any user. Trying to protect themselves from phishing sites, users, prior to authorization, monitor the proper implementation of HTTPS and URLs, use various browser extensions that capture phishing domains. However, even the most prudent users can be deceived by one of the phishing companies recently identified by security experts.

Experts from Myki have determined thatscammers use links to blogs or sites that need to be registered using a Facebook account. This practice is quite common and is used by many legal resources to minimize user actions during registration. At the same time, the “Login through Facebook” button is used, after activation of which the redirection to facebook.com takes place. Also, a pop-up window may appear with fields for entering the login and password of the Facebook account.

Myki specialists have revealed the existence of phishingsites that, after clicking the "Login through Facebook" button, display a fake form that requires you to enter your Facebook username and password. The fake form is created using HTML and JavaScript and simulates a pop-up window in the browser, fleshed out to the smallest detail, including the status bar, navigation bar, URL, and even a green lock, implying the use of HTTPS. A fake window can even close, drag and drop in the same way as a regular Facebook login window.

To identify a fake window shouldtry dragging it outside the browser window, which is open. Since the fake form is part of the phishing page, this is not possible.

Source: myki.com