New way to hack Facebook accounts! Know how to protect yourself from them.

in #facebook7 years ago

Facebook has become one of the largest and most famous sites on the electronic arena, because of his great efforts to protect the accounts of users of hackers. However, with the development of these protections, new ways of hacking in line with innovative methods of protection have emerged. A new type of Phising attacks has emerged, which threatens the user accounts of the site in general and its users on the phones.

DDFFDF-640x360.png

In this post, we will talk about the "URL padding phising" attack, which relies on the principle that it is exploiting the narrow space of the URL box on web browsers on phones.
The hacker sends a fake link to a page that contains a list of user access data for the site, to the victim's device, a link that may appear reliable to many users. For example, a hacker might create a link as follows:
Hxxp: //m.facebook.com--------------validate-----step9.rickytaylk [dot] com / sign_in.html
So that all that appears to the user as a front in the links box is: "-----------m.facebook.com", which represents the first part of the original link. Which will make the user trust the validity and credibility of the link, then to access it and fill in his own account data.
And here lies the secret in the principle of the work of this method, and is to deceive the user and that by making him see only the link to the author.

padded-phish_FB.png

It should also be noted here that the hacker will attempt to hide the name of his link, by using a series of "-" links that keep the dummy away from the victim 's field of view (eg "rickytaylk [dot] com" in the example above)
In addition to this, the hacker adds some of the persuasive words he uses in this persuasion process, such as login, secure, validate ... immediately after the link chain.

To protect against this attack, be careful to click on any link or follow any instructions you may find. The Facebook site (or any other service) will not send you a link to fill in the data via text messages or other sources. You will also have to avoid access to any link that may be sent to you by an anonymous source, and if you have to do so, you lose the link so that you can be sure of its integrity.

Finally, the annotated method is not limited to the Facebook site, but is also used to penetrate other accounts on different sites and platforms such as iCloud, Comcast ...