Tricky Facebook phishing within Facebook

11/02/2010
G DATA Blog

We received a message in Facebook, which is nothing unusual per se. But this one was sent by "Facebook Security" and it told us that our account is about to be disabled if we do not login, on a special website. But something is dfferent.


So far so good, it seems, another well-known phishing attempt with the urgent request to login. But the devil is in the details: Only the second, maybe even only the third look reveals the difference: The message pretending to be from "Facebook Security", Facebook's own security advisor service, actually comes from "Facebooĸ Securiƚy". You are seeing no difference? Have a closer look at the picture below:


So, the scamsters lure for full confidence by pretending to be an official Facebook entity. And they do not send an e-mail, which would make it far easier to pretend to be someone else - No, they use the optical similarity of letters to impersonate Facebook WITHIN Facebook. Sending a phishing message as "Facebook Security" is impossible, of course - this right is reserved to Facebook, obviously. But "Facebooĸ Securiƚy" is pretty close, don't you think?

We suspect that there have been phishing victims already, because this particular attack is pretty sophisticated. The method used is often described as "homograph attack", even though it is mostly used for domain spoofing. Just imagine a domain like www.exampled0main.com - here, the "o" was replaced by a zero. But, it could also replaced by a Cyrillic letter very similar to the Latin "o" and this would make it about impossible to identify the forgery with the naked eye.

 

Tips & Tricks

  • Have a close look at the sender's address! Cyber criminals love to use alleged typos or, as seen in this case, similar letters from different languages.
  • Do not click on links or download files if you received a message from a foreigner. The websites and files might harm your PC.
  • If you want to use any website that requires a user authentication, directly type in the address into your browser or use the bookmarks, but don't use links given in messages, mails or on websites.
  • Furthermore, you should install a comprehensive security suite which includes a firewall, and an http-traffic filter.