Weeks after a Facebook phishing campaign was found stealing user credentials, a similar phishing attack has been discovered that targets mobile devices.
Antoine Vincent Jebara of Myki has yet again identified this attack which is aimed at iPhone users. The researcher detailed how this campaign mimicked a website’s look and design to trick iOS users into giving away their Facebook credentials.
How does it work?
Highly detailed fake pages
Jebara explained in his blog how the campaign faked certain details. He wrote, “The prompt to authenticate the action is fake. It is an image displayed within the HTML document that makes it look like an iOS prompt. The tab switching in Safari is also fake, it is a recording of a video of tabs switching that is played as soon as the user confirms their intent to log in.”
However, the security researcher emphasized that the implementations were still flawed. It was found that this phishing campaign used the same tab the user opened the site. This is in contrast to Facebook’s actual logins which are presented in external windows on Safari.
Jebara noted that many users could fall for this attack as the details that give it away are quite subtle. Moreover, Jebara wrote that, "...the user is shown specific 'familiar' actions that seem to turn off the part of the brain that doubts the legitimacy of the page.”