Phishing for Facebook Logins

UTS Support Posted on February 19, 2019 Posted in Alerts, Weekly Tip

The Tip

A new phishing attack has surfaced that can easily catch the most diligent of us. It is also fortunately easy to spot, once you’re aware of what to look for.

The Detail

We’ve all been to sites now that offer you the convenience of logging in with your Facebook or Google account. This is a great convenience and can really reduce the number of accounts you might need to have for casual things like news blogs and such. This new attack targets that model that we have become used to. It’s effectiveness is it’s simplicity.
Here’s how it works.

Generally when you click on a link to “log in with Facebook” you are either re-directed to Facebook or you get a pop-up window with Facebook’s login screen.
In this attack you get a pop-up window that exactly mimics the Facebook pop-up, down to the apparent lock/secure icon and green address bar.
You enter your username and password.
The login will fail, but the criminals have now captured your Facebook login credentials

How do we protect ourselves from this? Once you know what to look for, it’s actually easy to spot.

Try dragging the pop-up window away from the window it is being displayed in
If you cannot drag the pop-up away, and it instead disappears beyond the bounds of the parent window, it is a fake. DO NOT USE.

Here is a video demonstrating

If you have more questions about these topics, please contact UTS, and we’d be happy to offer what guidance we can. There is also a wealth of information to be found using your favourite search engine.

Earth Day 2024: Sophos Supports this Year’s Planet vs. Plastics Campaign April 22, 2024
To mark Earth Day on April 22, and its theme of Planet vs. Plastics, Sophos employees are being encouraged to use their Sophos Volunteering hours to take part in practical opportunities to join the fight against plastic pollution, as well as take part in a series of wellbeing webinars focused on sustainability and climate anxiety.
‘Junk gun’ ransomware: Peashooters can still pack a punch April 17, 2024
A Sophos X-Ops investigation finds that a wave of crude, cheap ransomware could spell trouble for small businesses and individuals – but also provide insights into threat actor career development and the wider threat landscape
Sophos Guidance on the Digital Operational Resilience Act (DORA) April 15, 2024
Guidance to support financial entities in the EU impacted by the Digital Operational Resilience Act (DORA).
A tumultuous, titanic Patch Tuesday as Microsoft makes some changes April 10, 2024
The largest CVE count in recent history rolls out
Smoke and (screen) mirrors: A strange signed backdoor April 9, 2024
Sophos X-Ops discovers a curious backdoored (and signed) executable, masquerading as something else entirely
Sophos Named Best MSP Solution by SE Labs April 9, 2024
Sophos has been recognized for enabling MSPs to effectively defend customers against today’s complex cyberattacks.
Introducing Sophos Managed Risk, Powered by Tenable April 3, 2024
Sophos Managed Risk combines vulnerability management technology from Tenable with Sophos’ threat expertise as a fully managed service.
Unpatched Vulnerabilities: The Most Brutal Ransomware Attack Vector April 3, 2024
While all ransomware attacks have negative outcomes, those that start by exploiting unpatched vulnerabilities have the greatest business impact.
It’s Oh So Quiet (?): The Sophos Active Adversary Report for 1H 2024 April 3, 2024
The latter half of 2023 found numerous fronts on which attackers failed to press ahead. Are defenders failing to take advantage?
Sophos Firewall Once Again Recognized as the #1 Firewall Solution by G2 Users April 1, 2024
Top rated based on a high customer satisfaction score and large market presence

Nipissing University
100 College Drive, Box 5002
North Bay, ON, Canada
P1B 8L7
Tel: 705.474.3450
Fax: 705.474.1947

Phone Directory
NU Mail
Health & Safety
Site Map

MyNipissing
WebAdvisor
Blackboard
Library