Facebook Phishing Campaign Targets iOS Users

Researchers from Myki discovered a new iOS phishing campaign that directs users to a spoofed website and prompts them to log in with their Facebook credentials. After entering their credentials, the user is alerted that their account has been compromised and the session has effectively ended; however, the legitimate credentials are still sent to the threat actor. Myki indicated that the attack is poorly constructed, with several flaws in process and design. Myki recommends that users be attentive to slight differences in the website and to tab switching. The NJCCIC recommends verifying that a URL is valid and HTTPS is enabled, checking for fraudulent websites, and enabling multi-factor authentication where available. Myki provides a demo and more information about this phishing campaign here.