Last week I found an interesting Facebook phishing site, and grabbed a screenshot to do a quick user education post about it.
Here is what the "facebookpolice" site looked like:
Notice that when I typed in my (fake) password, it wasn’t auto-converted into "**********" like a real password box would do.
This is a dead giveaway that this is not a legitimate site (if the domain name and the awkward English weren’t enough of a clue). Unfortunately, you can’t always count on the Bad Guys being so sloppy with their fake sites; this would be an easy mistake for them to fix…
We’ve written previously about how phishing attacks these days commonly target social networking logins, so that the Bad Guys can impersonate you and infect all of your friends.
Leave a reply