Nowadays, hackers are targeting mobile devices to steal data. They target people who use the social network in order to get their usernames and passwords.
Recently, a new phishing attack designed to steal Facebook usernames and passwords has been detected.
PhishLabs has detected many instances of this phishing technique since January 2017. Researchers at the security awareness training provider haven’t found lures for the attack just yet. Even so, they believe fraudsters are mainly spreading these hyphen-padded URLs via SMS messages and social networks.
According to a PhishLabs report, cybercriminals are using fake URLs aimed at users who access the social network through their mobile devices. Attackers take advantage of the small address bar in smartphone browsers, creating fraudulent addresses that can look like the real Facebook login address.
As an example of this phishing technique, the researchers point to a URL like the following:
Hxxp: //m.facebook.com—————-validate—-step1.rickytaylk [dot] com / sign_in.html
Security expert Crane Hassold says, “Instead of attempting to make genuine looking URLs, threat actors have begun including genuine, legitimate domains within a longer URL, and padding it with hyphens to hide the real target.”
The URL starts with m.facebook.com, but the real destination here is rickytaylk.com, not m.facebook.com. The hostname runs all the way to the first slash, and the domain that actually receives the request is the one at its right-hand end, which a narrow mobile address bar does not show.
These links may be sent via email or instant messaging services. Victims who believe they are on the social network's website then enter their username and password there.
The Facebook credentials are then stored on the attackers’ server, and the attackers can log in to the account and use it for malicious purposes.
To avoid becoming a victim of this new phishing technique, always check the complete address of the links you receive, especially on your mobile phone. It is preferable to access Facebook through the official app for your smartphone or to type the URL manually in your browser.
You can also enable two-step verification to stay safe from it.
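The check of the complete address described above can be automated in a mail or SMS gateway filter. The following is an added example, not code from PhishLabs or from the original article: it extracts the hostname, takes the registrable domain from its right-hand end, and flags hostnames that embed a watched brand domain or contain a run of hyphens. The watch list, the last-two-labels rule and the sample URLs on example.net are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: brand domains to watch for; extend for your own environment.
WATCHED = ("facebook.com",)
PAD = re.compile(r"-{3,}")  # a run of hyphens used to push the real domain out of view

# Constructed samples (example.net stands in for the attacker's domain).
SAMPLES = [
    "hxxp://m.facebook.com----------validate----step1.example[dot]net/sign_in.html",
    "https://m.facebook.com/login.php",
]

def refang(url):
    """Undo common defanging (hxxp, [dot], stray spaces) so the URL parses."""
    url = re.sub(r"\s+", "", url)
    url = re.sub(r"\[dot\]|\[\.\]", ".", url, flags=re.I)
    url = re.sub(r"^hxxp", "http", url, flags=re.I)
    return url if "://" in url else "http://" + url

def registrable_domain(host):
    # Simplification (assumption): last two labels. Real code should use the
    # Public Suffix List so that suffixes such as co.uk are handled correctly.
    return ".".join(host.rstrip(".").split(".")[-2:])

def analyze(url):
    """Return the hostname, its registrable domain, and any padding findings."""
    host = urlsplit(refang(url)).hostname or ""
    real = registrable_domain(host)
    findings = []
    for brand in WATCHED:
        # The brand appears in the hostname but is not where the browser goes.
        if brand in host and real != brand:
            findings.append(f"hostname embeds {brand} but belongs to {real}")
    if PAD.search(host):
        findings.append("hyphen padding in hostname")
    return {"host": host, "registrable_domain": real, "findings": findings}

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", analyze(sample))
```
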