Teach a person to fish, and they can feed themselves; teach a hacker to Phish, and they can trap the unwary. Okay, poor metaphor using the old text, but phishing remains one of the most dangerous forms of cyberattack and one of the most lucrative. Unfortunately, the bad actors never rest and have recently launched a sophisticated new attack that can snare even seasoned and prepared veterans.
According to an article in The Hacker News, this new attack builds off the common practice of giving online users the option of accessing special deals or content by using their email or logging in through their Facebook account. When a potential victim takes the “bait” in the form of logging in using their FB credentials, the trap is sprung.
Antoine Vincent Jebara, the co-founder of the password manager Myki, said he and his team recently spotted the phishing attack. One way to tell that a login prompt is fake is to try to move it outside of the window in which it is displayed, onto the desktop for example. The portion of the prompt that leaves the window will disappear.
You can observe the appearance and behavior of the fake prompt in this video.
It is always wise to take precautions before clicking on a link that you aren’t 100% sure is legit. As a reminder, always be sure to:
· Check the URL for accuracy and odd naming conventions.
· Look for incorrect grammar including sentence structure and wording.
· If it is a secure site, be sure the URL uses https in its address.
· Install, update, and use a malicious site detection tool.
· Trust your instincts. If it seems phony or the request is for financial or sensitive personal info, go directly to the site and log in.
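The URL checks from the list above can be automated. The following is an added example, not code from the original article: a hypothetical `checkLoginUrl` helper that parses a link and reports why it should not be trusted as a login page for an expected site. The function name, the expected domain and the sample URLs are constructed for illustration.

```javascript
// Added example. Sample URLs are constructed; the helper name is hypothetical.
// Uses only the standard WHATWG URL parser (built into browsers and Node.js).
function checkLoginUrl(rawUrl, expectedDomain) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return ["not a valid absolute URL"];
  }
  const findings = [];
  const host = url.hostname.toLowerCase();
  const expected = expectedDomain.toLowerCase();
  const brand = expected.split(".")[0];

  // "If it is a secure site, be sure the URL uses https."
  if (url.protocol !== "https:") findings.push("not served over https");

  // Text before "@" is login info, not the site: the real host comes after it.
  if (url.username || url.password) findings.push("userinfo before the host");

  // Non-ASCII letters are encoded as "xn--" labels and can imitate Latin ones.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    findings.push("punycode label in host");
  }

  // Only the exact domain or a true subdomain of it counts as a match.
  const onExpected = host === expected || host.endsWith("." + expected);
  if (!onExpected) {
    findings.push(host.includes(brand)
      ? "brand name in an unrelated host"
      : "host is not the expected domain");
  }
  return findings; // an empty list means no warning sign was found
}

// Constructed samples, assuming the expected site is facebook.com.
const SAMPLES = [
  "https://www.facebook.com/login.php",
  "http://www.facebook.com/login.php",
  "https://facebook.com@account-check.example/login",
  "https://facebook.com.account-check.example/login",
  "https://f\u0430cebook.com/login", // Cyrillic "a" in place of the Latin one
];

function reportSamples() {
  return SAMPLES.map((u) => ({ url: u, findings: checkLoginUrl(u, "facebook.com") }));
}
```

An empty result only means none of these specific warning signs were present; it does not prove a page is genuine.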
You might also consider avoiding the use of Facebook to log in. That happens to be the author’s practice. FB seems to have enough issues without me exposing my account to every Johnny-come-lately site that wants me to log in via FB.
If you have a situation where you need the top secured communication solution for transmitting data, both business and personal, swing by CRIP.TO and catch up on our best-in-class, end-to-end encryption solutions. From personal communications to factory floor data encryption, our unique hardware and software combination might be the answer to your needs.
In the meantime, exercise caution, as always, when responding to online and email enticements. You never know when some phisher is out there, waiting to set the hook.