Hackers are taking advantage of the fact that most people remember their Facebook login tied to the fact that during the holidays nobody wants to lose access to their primary social media outlet as a way to convince their victims to sign on to a malicious landing page that will be used to steal their personal information.
Malwarebytes researchers are reporting that cybercriminals are using these fake landing pages as bait in phishing scams that say the person has lost access to Facebook, but this can be regained using the common “Login with Facebook,” method used by many valid websites. It's not lost on attackers that the average Facebook user spends 55 minutes per day on the social media site, which partly explains the recent onslaught of malicious landing pages warning the possibility of losing a Facebook account.
The latest malicious ploys to grab personal information involves clever disguising as legit sites by usurping the mostly trusted Google brand, throwing in an https:// URL for good measure, MalwareBytes Labs.
“The landing pages are all themed around loss of Facebook access, with potential victims most likely directed there by phishing emails,” writes Christopher Boyd, the post's author.
MalwareBytes Labs advises Internet users to avoid the following URLs:
- (leads to) help-unblocking-fb(dot)site/contact/2017/index(dot)php
“One of the weakest links in cybersecurity is the human being,” comments to SC Prof. Abe Baggili, co-director and founder of the University of New Haven's Cyber Forensics Research and Education Group.
“Being able to manipulate an individual through social engineering remains a big threat. It is imperative that users activate multi factor authentication so that even if users get their passwords stolen through phishing it would still add another security layer that a criminal would have to bypass. It is also important not to use the same password for all your accounts in case a criminal steals your password.”
Ondrej Krehel, founder of the New York cybersecurity firm LIFARS, believes users' awareness and education of Internet scamming through phishing attacks today will not fully prevent them from happening within the cyber security landscape.
“These attacks will remain successful in their implementation due to the varied complex existence the average individual lives,” Krehel tells SC. “Cyber resiliency will prevail through a combination of technology and human ingenuity to combat successful distributed phishing attacks, rather than anticipating Internet users ‘to simply do the right thing.' That is simply not the best approach.”