Paul Mutton of the security company Netcraft has found that phishers are abusing Facebook's own TLS certificate to build "extremely persuasive" scams that most users would never notice.
The phish uses an iframe(*) to display a fake Facebook verification form inside an application on the social network, so the address bar shows apps.facebook.com followed by the app's own path, as the screenshots below show.
The form itself does not come from the social network: it is loaded over HTTPS from an external site hosted at Hostgator, while the surrounding page carries Facebook's URL and Facebook's certificate.
Because the outer page is genuinely Facebook's and the framed content is served over HTTPS, the browser shows its padlock and raises neither a certificate warning nor a mixed-content warning, so nothing alerts the user to the danger.
Once the victim submits credentials through the iframe-served form, a second fake login form appears claiming that the first entries were wrong and asking the victim to log in again.
After the second submission, a final page claims that the victim will receive an email confirming the verification within the next 24 hours.
“Fraudsters are making use of Facebook's login platform to perform remarkably convincing phishing attacks against Facebook users," reports Paul Mutton.
See pictures:
"To deceive even those who are still suspicious, the phishing site pretends that the first credentials were wrong."
How to spot it: the genuine Facebook login page is served from facebook.com itself and its URL does not contain "apps". A login or "verification" form that appears inside an apps.facebook.com page is coming from the app's own server, not from Facebook, and should not be trusted with your password.
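The check above, and the mechanism described earlier (a third-party form framed inside a page that carries Facebook's URL and certificate), can be made concrete with a small audit of the frames on the page you are looking at. The code below is an added example written for this article; it is not from the Netcraft report or from iGuRu.gr, and the app path and the Hostgator-style hostname in the sample input are constructed placeholders, not the ones from the real attack. It resolves each iframe `src` against the top-level URL, classifies it as same-origin, same-site or third-party, and records whether the frame would have triggered a mixed-content warning. Run in a browser console it audits the live page; run under Node it audits the constructed sample.

```javascript
// Added example (not the report's or the site's own code): classify the iframes
// embedded in a page by origin, so a login form served from somewhere other
// than the page in the address bar stands out.

// Constructed sample input: the top-level URL a victim sees and the src values
// of the iframes the page embeds. Hostnames ending in .invalid are placeholders.
const SAMPLE_TOP_URL = "https://apps.facebook.com/example-app/";
const SAMPLE_IFRAME_SRCS = [
  "https://www.facebook.com/plugins/like.php",           // same site, different origin
  "https://example-hostgator-site.invalid/verify.php",   // placeholder attacker host, HTTPS
  "/relative/path.html",                                 // resolves to the top-level origin
  "http://example-hostgator-site.invalid/verify.php",    // plain http: would be mixed content
];

// Crude eTLD+1: the last two labels of the hostname. Enough to tell
// facebook.com from a third-party host; it is not a Public Suffix List lookup.
function registrableDomain(hostname) {
  return hostname.split(".").slice(-2).join(".");
}

// Resolve one iframe src against the page URL and say where it really points.
function classifyFrame(topUrl, src) {
  const top = new URL(topUrl);
  const frame = new URL(src, topUrl); // relative src resolves against the top page
  const sameOrigin = frame.origin === top.origin;
  const sameSite = registrableDomain(frame.hostname) === registrableDomain(top.hostname);
  // A browser warns (or blocks) only when an https page frames plain http.
  const mixedContent = top.protocol === "https:" && frame.protocol === "http:";
  const verdict = sameOrigin ? "same-origin" : sameSite ? "same-site" : "third-party";
  return { src: frame.href, origin: frame.origin, verdict, mixedContent };
}

function auditFrames(topUrl, srcs) {
  return srcs.map((src) => classifyFrame(topUrl, src));
}

// The frames worth a second look: content from a different site than the one
// in the address bar. Note that the HTTPS attacker frame shows mixedContent:
// false, which is exactly why the browser stays silent in the attack described.
function suspiciousFrames(topUrl, srcs) {
  return auditFrames(topUrl, srcs).filter((f) => f.verdict === "third-party");
}

if (typeof document !== "undefined") {
  // Browser: audit the page currently loaded (console or bookmarklet).
  const srcs = Array.from(document.querySelectorAll("iframe[src]"), (f) => f.getAttribute("src"));
  console.table(auditFrames(location.href, srcs));
} else {
  // Node: audit the constructed sample.
  console.table(auditFrames(SAMPLE_TOP_URL, SAMPLE_IFRAME_SRCS));
}
```

Two caveats. A Facebook canvas app is itself a frame that loads the developer's own server, so a third-party frame on apps.facebook.com is expected; what is not expected is a Facebook login form inside it, and the parent page cannot inspect a cross-origin frame's contents, only its `src`. And the check only sees frames with a `src` attribute at the time it runs; a page that injects the frame later, or builds it from `srcdoc`, has to be re-audited after it settles.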
How to protect yourself: enable two-factor authentication in your account settings, so that a stolen password alone is not enough to log in.
____________________
(*) An iframe is a technique for displaying one page inside another. Those who remember will recall that on iGuRu.gr we used an iframe to display the iGuRu.News forum, which was hosted on another server, inside a page of iGuRu.gr.