Phishing Attack Abuses Facebook App via IFrames

Security researchers have found a phishing attack on Facebook in which a rogue form is displayed through a Facebook app iFrame. Facebook had warned many times to load third party content into app pages through iFrames. Recent attack is spotted by security researchers from F-secure in which a phishing form is loaded from an external domain. The scam is very well constructed and victims are targeted by claiming their accounts have been temporarily suspended because of suspicious activity and they are asked to verify their identity. The form has fields for full name, email address, passwords, gender, security questions.See the full report on http://www.f-secure.com/weblog/archives/00002196.html

Phishing is a powerful attack that is used to hack users’ web accounts. Facebook as a big social network is the main target of the hackers. Most of the people try to hack their friend’s account just to see what they ware doing on social network.

But these kind of attacks can be done only for 3 months more because the company has asked all app developers to acquire SSL certificates and sign their third-party content before 1 october. It will reduce the number of hacking attempts by using Facebook apps.

We recommend all people to keep their password secure and never give password in any app on Facebook. Only enter password in the login form of Facebook that stars with http://www.facebook.com domain.

If you found any website that is performing phishing attack, share it with us or report to Facebook.