Researchers from PhishLabs, focusing on analysis of the newest phishing strategies, has discovered one which decided to involve Facebook as its cover. Clearly, this social networking site has earned the respect of millions of individuals around the world. Therefore, it does not surprise us that people would count on a website that contains “Facebook.com” in their link. However, you should not make a mistake of assuming that such a website must be harmless: take a better look at it.
From the ongoing investigation, it has become evident that this strategy aims to circulate around owners of mobile devices. The entire vicious plan strictly relies on the fact that mobile web browsers show a very limited amount of the link in the address bar, while the rest remains concealed. To prolong the URL and hide the real address of the website that you get connected to, hackers have inserted multiple hyphens.
The aim of such a deception is obvious: to make people unknowingly share their logins and passwords to crooks that have constructed the fake Facebook page. Of course, this social networking site is not the only online service that has received some imposters. Services like OfferUp have also been detected to have rogue versions with hyphens. You should pay close attention to the websites that get introduced on your mobile browser. If you notice unnecessary hyphens that would not be included, it is possible that the counterfeit version is the one that loaded.
From the interfaces of websites that have been determined to be rogue, it is almost impossible to recognize them as fake simply by looking. You have to see the full address before entering the required credentials. If the site is real, it will not have any suspicious symbols or references to completely unrelated websites.
You could be recommended to access a rogue version of a website from a spam letter or another deceiving place. In some cases, an unknown party could insist that you view a post or a video from Facebook. After clicking on the indicated link, you will be required to reveal your credentials for the sake of viewing the content. Of course, if you always look at the address bar and try to determine if it is reliable, you should be fine. For instance, an address could begin with m.facebook.com, but then it can contain ———— that conceal the real website you have entered: rickytaylk.com.
Legitimate websites should not contain any unnecessary symbols. Stay safe on the Internet and do not enter domains that are recommended by unknown parties. This could save you from headaches when your Facebook helps hackers find out your personally-identifiable information.
Source: info.phishlabs.com