Friday, August 17Care to be aware

A New Facebook Phishing Technique Named “URL Padding” Is Here To Steal Your Password

As we continue to spend more and more hours online, we must up our security game and make sure that we don’t end up losing our data and credentials. However, the reality is grim. Be it the rising threat of ransomware or increasing data theft, the irresponsible security practices of the users are responsible to a great extent.

By exploiting the inattentiveness of the users, a new kind of phishing attack is expanding its web to target Facebook users. So, let’s tell you about this attack in detail.

What is URL Padding phishing?

The notorious hackers have found a new way to fool the users by creating fake and believable URLs. Focused on mobile devices, which have narrow URL bars, the hackers are using real domains within a larger URL. They are padding the larger URL with hyphens to hide the real destination in the address bar.

Let me show you how it’s being done (Courtsey: Phishlabs). For example, take a look at the following URL:

hxxp://m.facebook.com—————-validate—-step9.rickytaylk[dot]com/sign_in.html

You’ll note that while this URL starts with m.facebook.com, which is the legitimate address of your favorite website, the actual domain is rickytaylk(dot)com. Taking this dirty game even a step ahead, the hackers are also using words like login, secure, account, validate, etc. just after the series of hyphens.

Now, if we put this whole URL in a mobile browser’s address bar and add a Facebook logo as rickytaylk(dot)com’s favicon, it’ll look pretty convincing. All that remains is fake Facebook login page to capture username and password.

Fake Facebook login page (Image: Phishlabs)
Fake Facebook login page (Image: Phishlabs)

The hackers are also using similar type of genuine-looking URLs and login pages for iCloud, which reminds me of Fappening leaks, Comcast, Craigslist, etc.

How to save yourself from URL Padding Facebook phishing attack?

As pointed out by the researchers, Facebook accounts are becoming the biggest targets. Also, as compared to desktop, users treat mobile phones differently.

Phishlabs has mentioned the possibility of the propagation of this attack using SMS phishing or social messenger. As people assume that SMS and social media posts are a legitimate source of communication.

The researchers have urged the users to stop for a moment before clicking a link or following instructions. Facebook or any other service won’t send you login links via SMS or other sources. Also, don’t click on links sent to you via unknown people.

You can read more about the URL Padding Facebook phishing attack in this blog post.

Leave a Reply

Your email address will not be published. Required fields are marked *