Phishing for Facebook Credentials

Researchers from Myki discovered a phishing campaign to steal Facebook credentials. When a user visits a compromised website, a popup prompts the user to authenticate by logging into their Facebook account. If the user enters their credentials, they are sent to the threat actor. The popup allows the user to interact with it like any other popup, dragging it or dismissing it; however, if the user drags it out of the browser window, the popup will disappear, indicating it isn’t a true popup at all and rather a part of the compromised webpage. The NJCCIC recommends verifying that a URL is valid and HTTPS is enabled, and testing for fraudulent popup windows by dragging the popup out of its current window. More details and a demo about this phishing campaign can be found on Myki’s blog post.