Be wary of phishing when logging on to Facebook and how to protect your Facebook account
Those who do not pay attention will easily be the victim hacked or cheated, if you regularly use Facebook, then you should start paying attention is just if you do not want to be a victim.
This is especially important if you use Facebook on a mobile device rather than a computer. Below is a graph of the percentage of websites used on mobile from 2009 to 2017 globally.
Websites worldwide have a mobile version available
Scammers are starting to exploit techniques to attack mobile users when mobile traffic is larger than PC traffic. With the fact that many mobile devices are less secure than PCs, this is a great opportunity for them.
How does Facebook login scam work?
This type of phishing uses a technique called URL padding. A regular URL will consist of three parts:
- Domain (required)
http:/// facebook.com /photo.php?fbid=123456
- Secondary domain (optional)
http:/// m .facebook.com/ photo.php? fbid = 123456
- Path (optional)
http://m.facebook.com/ photo.php? fbid = 123456
For mobile users, you will see the address m.facebook.com on your browser when using Facebook. This is to combine the domain and sub-domains displayed on the mobile version of Facebook. When you see it, you will feel safe.
URL padding is when a fraudster creates a subdomain based on a completely different domain to impersonate a page, then inserts it into a subdomain with innocuous characters to make the user think they are on the right page. real. This is an example URL from PhishLabs:
http://m.facebook.com----------------validate----step1.rickytaylk.com/sign_in.html
Visit this page, you will see the login screen identical to the Facebook home page on mobile, asking for login information. Users who do not pay attention will only look through the URL and see m.facebook.com and assume that it is the real page.
When finished, it is considered as done. The page will report innocuous errors (such as wrong passwords .) but your username and password information is stolen. Now an attacker can use that account to extract other accounts such as Gmail, Amazon, PayPal, banks .
Whoever pays attention will see the actual domain of this page is rickytaylk.com and it has up to 3 sub domains.
- com ---------------- validate ---- step1
- m
If you use a computer, you may notice that this URL is fake, but on the phone, the URL will only display as shown below, so it is very confusing.
The URL cannot be displayed completely on mobile browsers
This added URL can be sent in many ways such as email, instant messaging, chat applications, etc. However, the fake URL is not a new method. Earlier this year there was also an exploit discovered on Chrome (and other Chromium-based browsers), in which the URL was edited. Fortunately, the bug was patched before the scammer could exploit it. But this also shows that completely trusting the URL is not recommended at all.
How to secure your Facebook account
You should read it
- Warning: Accessing the personal page of a comment about a scam can be robbed of a Facebook nick
- Why is Facebook account hacked?
- Warning of donkey by accepting money on Facebook
- Facebook's Libra electronic currency has not yet set a launch date but scam tricks are ready
- How to avoid Facebook Scam
- How to detect scam online
- The winning scam from Google: 'Game cat' for vigilant people, 'tragic' for those who are light-hearted
- Trick to change the annoying interface on Facebook
- Two college students allegedly cheated nearly $ 1 million of Apple
- Beware of phishing emails impersonating Facebook
- How to identify Fanpage phishing like sentences on Facebook
- Block strangers to contact you on Facebook
Maybe you are interested
Customize icon icon on the Desktop Top 10 most hated videos in YouTube history How to clean the body of ancient Egypt The 10 greatest generals in the history of the world are judged by the Royal Council of Science Reduced blood flow in the brain can make us stutter Looking at the 12 marvels of the image has given the world 'cheats' in the past year