Tuesday, June 11, 2013

How Hackers steal your usernames/passwords by Phishing attack?

Beware of "facebookmail.com" domain. Its a phishing site.

Be careful with emails that you receive from "FacebookMail.com", these mails probably are Phishing attack and they trying to steal your passwords and credentials. However this domain is belong to FACEBOOK company but people rarely use it for inviting their friends. If you try to invite your friend from this section https://www.facebook.com/invite.php it will send an email to your friend from FacebookMail.com. But the point is this service rarely use by users, However Hackers use this address to send Phishing email to victims.
Phishing is refer to a type of cyber attack which attacker try to steal username,passwords and credit card information by masquerading as a trustworthy entity in  the communication. The most common technique for Phishing is the use of FAKE PAGES. For example the attacker open facebook.com and download the login page and change the path that login form is pointing to, to their own address. Afterward they will upload this fake page on a their own host with a domain name similar to the legitimate site domain. The last step is to convince the victim to come to this fake website and enter his user/pass/cc details and all these information will send to the attacker.
Here are some examples of similar domains (They are not real-Just for Example):
facebook.com (Legit) ->  faceb00k.com (malicious)
twitter.com(Legit) -> tvviter.com(malicious)
Most of the time attacker will use email for inviting the victim to the fake page. For example they send an email to the victim that contains a message from twitter and its saying "Hey you hear about the gossip your mentioned in? it started some serious drama, it fired up a lot of people on here http://bit.ly/.... "  This will raise the curiosity of the victim and make him/her to click on the malicious link, next he/she will see a page look a like twitter login and will not pay enough attention to the address bar. However this is a fake page, and after he/she enter his/her user/pass will redirect to legitimate site (But his/her user/pass will be send to the attacker).

It is few days that I'm receiving a phishing email from "[email protected]". This is a similar domain to facebook.com and attacker by using this domain try to fool the victim that user think this mail is one of sub services of Facebook.com however this email is coming from hacker and her just change the From address to Facebook email address.
Facebook Phishing email request example

The funny fact is that I don't have any Facebook account using this email , And this make me suspicious that this might be a phishing attack. Another important

Social Networks Sharing