Fresh phishing campaign hits Facebook

A new phishing campaign takes advantage of Facebook’s security measures in order to appear legitimate. The creators of the campaign have built an app which is, in essence, a simple <iframe> that displays a fraudulent version of Facebook’s login page. Cybercriminals are abusing the Facebook application platform to run phishing campaigns that appear legitimate to users thanks to the fraudulent use of Facebook’s own Transport Layer Security (TLS) certificates. TLS is a protocol used to help keep domains and user communication secure.

The phishing website is hosted on hxxp://, which leads to an identical yet fake copy of Facebook’s verification page. Despite the resemblance that the iframe bears to Facebook’s actual webpage, the differences between the two sites become obvious when they’re displayed next to one another.
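A defender-side check for the pattern described above, written as an added example that is not part of the original article: it flags a password form rendered inside a frame whose host is not the site shown in the address bar. The frame-record shape, the app URL and all host names are constructed assumptions.

```javascript
// Added example: flag credential forms rendered inside a frame whose origin
// is not the site shown in the address bar. All sample data is constructed.

// True when host is the trusted site itself or one of its subdomains.
// A lookalike such as "facebook.com.login.example" does not match.
function belongsToSite(host, site) {
  host = host.toLowerCase();
  site = site.toLowerCase();
  return host === site || host.endsWith('.' + site);
}

// frames: [{ src, hasPasswordField }] collected from the rendered page
// (hypothetical shape; a crawler or browser extension would fill it in).
function auditFrames(topUrl, trustedSite, frames) {
  const top = new URL(topUrl);
  const findings = [];
  for (const frame of frames) {
    if (!frame.hasPasswordField) continue; // only credential prompts matter
    let url;
    try {
      url = new URL(frame.src, top); // resolves a relative src against the page
    } catch {
      findings.push({ src: frame.src, reason: 'unparseable frame URL' });
      continue;
    }
    if (!belongsToSite(url.hostname, trustedSite)) {
      findings.push({ src: frame.src,
        reason: `login form served by ${url.hostname}, not ${trustedSite}` });
    } else if (top.protocol === 'https:' && url.protocol !== 'https:') {
      findings.push({ src: frame.src, reason: 'login form loaded without TLS' });
    }
  }
  return findings;
}

// Constructed sample: an app canvas page with four embedded frames.
const sampleFrames = [
  { src: 'http://phish.example/verify/', hasPasswordField: true },
  { src: 'https://facebook.com.login.example/', hasPasswordField: true },
  { src: '/plugins/like.php', hasPasswordField: false },
  { src: 'https://www.facebook.com/login.php', hasPasswordField: true },
];
const sampleFindings = auditFrames(
  'https://apps.facebook.com/constructed-app/', 'facebook.com', sampleFrames);
console.log(sampleFindings);
```

The padlock in the address bar only vouches for the outer page, so the check compares each frame's own host against the trusted site instead of relying on the top-level certificate.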

