Most phishing sites consist of one login page with perhaps a few additional pages. However, I recently stumbled upon a Facebook phishing site which cloned all the Facebook pages: About, Developers, Advertising, Sign up, etc. and even in all of the 64 languages the original site offers!
[Image: Fake Facebook login page]
The domain of the phishing site is fersos.ru. hxxp://www.fersos.ru/ gives an error, as you have to access it with hxxp://www.fersos.ru/index.html. The website is remarkably well done; all the controls are the same as Facebook.
[Image: Fake Facebook sign up page]
There is also another Russian domain hosting the same "clone" of Facebook: baksko.ru.
These sites are not yet listed in Phishtank, and they are not blocked by Google SafeBrowsing.
-- Julien
3 comments:
Nice catch! It looks like these guys are also cloaking. If you simply type the URL in your browser, you get an HTTP/403, but if you set the referrer to 'http://www.google.com' you get the phishing page back. Finally, they also check the user-agent, because if you simply curl the page with the proper referrer you get an empty page back.
I'm curious how you found out about these phishing sites.
@noe: We've developed a new technology to detect phishing sites. I was checking the results, and found these 2 domains flagged by our scripts.
It's just too easy to detect, right click then click view source code.
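A defender-side probe for the cloaking described in the first comment, as an added example that is not part of the original post or its comments: it requests a page under three header profiles and reports which header gates the content. The User-Agent strings and the simulated sites are constructed for illustration; only the `http://www.google.com` referrer comes from the comment.

```python
import urllib.error
import urllib.request

BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/115.0"  # sample value
SEARCH_REFERER = "http://www.google.com"  # referrer named in the comment

# Each profile differs from "referred_browser" in exactly one header.
PROFILES = {
    "direct_browser":   {"User-Agent": BROWSER_UA},
    "referred_tool":    {"User-Agent": "curl/8.0", "Referer": SEARCH_REFERER},
    "referred_browser": {"User-Agent": BROWSER_UA, "Referer": SEARCH_REFERER},
}

def http_fetch(url, timeout=10):
    """Return a fetch(headers) -> (status, body) callable for a live URL."""
    def fetch(headers):
        req = urllib.request.Request(url, headers=headers)
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                return resp.status, resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as err:  # 403, 404, ... still carry a status
            return err.code, err.read().decode("utf-8", "replace")
    return fetch

def serves_content(response):
    """True when the response is a 200 with a non-blank body."""
    status, body = response
    return status == 200 and bool(body.strip())

def cloaking_signals(fetch):
    """Probe with every profile and report which header the site gates on."""
    results = {name: fetch(dict(headers)) for name, headers in PROFILES.items()}
    signals = []
    if serves_content(results["referred_browser"]):
        if not serves_content(results["direct_browser"]):
            signals.append("referer-gated")
        if not serves_content(results["referred_tool"]):
            signals.append("user-agent-gated")
    return signals, {name: resp[0] for name, resp in results.items()}

def simulated_cloaked_site(headers):
    """Constructed stand-in for the behaviour the comment reports (not the real site)."""
    if headers.get("Referer") != SEARCH_REFERER:
        return 403, ""
    if not headers.get("User-Agent", "").startswith("Mozilla/"):
        return 200, ""
    return 200, "<html><form>login</form></html>"

def simulated_plain_site(headers):
    """Constructed control: same page for every profile."""
    return 200, "<html>hello</html>"
```

Against a live page, pass `http_fetch(url)` instead of a simulated site; a crawler that only ever sends the `direct_browser` profile would record a 403 and miss the page entirely.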