In one of my Facebook information security groups, a fellow member was targeted by a Facebook phishing attack. The phishing account sends a single message to the Facebook user. After the user clicks on the link, the attackers start collecting information to hijack his Facebook account, his e-mail account and more.
I thought it would be nice if I wrote a summary of the phishing attack.
The Facebook phishing message:
“WARNING : Your account is reported to have violated the policies that are considered annoying or insulting Facebook users. Until we (http://www.facebook.com/security) system will disable your account within 24 hours if you do not do the reconfirmation.
Please confirm your facebook account below:
<Phishing link> http://pleace-check-you-accounts.at.hm/ <Phishing link>
Facebook Security”
Once you click on the first link (http://www.facebook.com/security), you are redirected to the Facebook Security page on Facebook itself.
Once you click on the second link (http://pleace-check-you-accounts.at.hm/), you are redirected to the AT.hm domain.
As soon as you land on the AT.hm domain you see a fake Facebook page. The malicious page contains the following text:
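As an added example (not part of the original post), this small Python checker shows the defender's view of the message above: it extracts every link, keeps only those whose host is not under an assumed allow-list (facebook.com), and notes the urgency language. The allow-list, keyword list and the constructed sample message are assumptions for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed allow-list of hosts a real Facebook notice may link to (illustrative).
LEGIT_DOMAINS = ("facebook.com",)
# Assumed pressure phrases typical of the message quoted above.
URGENCY = ("within 24 hours", "disable your account", "reconfirm", "verify")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registered_host(url):
    """Return the lowercased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def is_legit_host(host):
    """True only if host equals, or is a subdomain of, an allow-listed domain.
    A suffix match with the leading dot rejects look-alikes such as
    facebook.com.evil.example."""
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def analyze_message(text):
    """Return the links found, the off-domain ones, and the reasons it looks phishy."""
    urls = [u.rstrip(").,") for u in URL_RE.findall(text)]
    suspicious = [u for u in urls if not is_legit_host(registered_host(u))]
    lower = text.lower()
    reasons = []
    if "facebook security" in lower and suspicious:
        reasons.append("signed 'Facebook Security' but links to a non-Facebook host")
    hits = [k for k in URGENCY if k in lower]
    if hits:
        reasons.append("urgency/threat language: " + ", ".join(hits))
    return {"urls": urls, "suspicious_urls": suspicious,
            "reasons": reasons, "phishy": bool(suspicious)}


# Constructed sample mirroring the structure of the quoted phishing message.
SAMPLE = ("WARNING : Your account is reported ... Until we (http://www.facebook.com/security) "
          "system will disable your account within 24 hours if you do not do the reconfirmation.\n"
          "Please confirm your facebook account below:\n"
          "<Phishing link> http://pleace-check-you-accounts.at.hm/ <Phishing link>\n"
          "Facebook Security")

if __name__ == "__main__":
    print(analyze_message(SAMPLE))
```

The legitimate facebook.com link in the same message is exactly what makes the lure convincing, so the check must judge each link on its own rather than the message as a whole.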
Please Complete This Security Check.
For the safety and privacy of your Facebook account, facebook Our team has made some improvements in security of your facebook. You must verify your email address before you can use it on facebook service.
Once you click on confirm you are redirected to the next page, and from there through a series of pages.
Here they collect your secret question.
Here they collect your e-mail credentials.
Here they collect your card number.
After receiving all your information, you are redirected to the Facebook Security page.