
SANS ISC: Facebook Phishing via SMS - Internet Security | DShield SANS ISC InfoSec Forums

Facebook Phishing via SMS

Facebook accounts are still a pretty hot commodity for spreading malware. No ruse works better than having a "Friend" offer you some new software or browser extension. As a result, we keep seeing attempts to phish Facebook credentials. Late last week I came across a simple example of such an attempt that specifically targeted users of mobile devices. Mobile browsers have long been an easier target for phishing: they often do not display the full URL (or any URL at all) to save limited screen real estate, so many of the cues users look for in desktop browsers are harder to make out on a mobile browser.

This particular attack started with a simple SMS message. This technique has also been called "smishing" (SMS phishing).

The attacker managed to obtain a hostname starting with "facebook." A vigilant user may, however, realize that the registered domain actually belongs to a Bulgarian university.

Upon clicking on the link, a reasonably well-done copy of the Facebook login page is displayed. Luckily, in this case, the full URL fits into the URL bar.

The attacker even went so far as to do some simple input validation. If random data is entered, an error message is displayed:

If a correctly formed e-mail address is entered, the user is redirected to the actual Facebook login page, so the victim sees nothing out of the ordinary after handing over the credentials.
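As an added example (not part of this diary), the following Python check flags links whose hostname leads with a brand name but whose registrable domain belongs to someone else, which is exactly the trick used by this lure; it generalizes slightly by catching the brand label anywhere in the subdomain part, and the sample SMS texts, the university hostname and the suffix list are all constructed for the demo.

```python
import re
from urllib.parse import urlsplit

# Brand label -> domains that legitimately carry it (constructed list)
BRAND_DOMAINS = {"facebook": {"facebook.com", "fb.com"}}

# Tiny stand-in for the Public Suffix List; a real deployment would load
# the full list instead of this assumed subset.
MULTI_LABEL_SUFFIXES = {"co.uk", "ac.uk", "com.au", "co.jp"}

# Matches http(s) URLs and bare hostnames with a path, as they appear in SMS
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def registrable_domain(host: str) -> str:
    """Return the registrable part of a hostname (last two labels, or three
    when the last two form a known multi-label suffix)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def brand_lookalike(url: str):
    """Return (brand, registrable_domain) when a brand name appears in the
    subdomain labels of a host that is not the brand's own; else None."""
    if not re.match(r"https?://", url, re.I):
        url = "http://" + url            # bare hostnames are common in SMS
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return None
    reg = registrable_domain(host)
    sub_labels = host[: -len(reg)].rstrip(".").split(".") if host != reg else []
    for brand, legit in BRAND_DOMAINS.items():
        if brand in sub_labels and reg not in legit:
            return brand, reg
    return None

def scan_sms(messages):
    """Flag every link in a batch of SMS texts that impersonates a brand."""
    hits = []
    for idx, text in enumerate(messages):
        for url in URL_RE.findall(text):
            found = brand_lookalike(url)
            if found:
                hits.append((idx, url, found[0], found[1]))
    return hits

# Constructed sample messages: the first mimics the lure described above
SAMPLE_SMS = [
    "Unusual login detected, confirm at facebook.example-university.bg/login",
    "New message waiting: https://m.facebook.com/messages",
]
```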


Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute

I will be teaching next: Defending Web Applications Security Essentials - SANS Brussels September 2019


ISC Handler
Nice - I'll post it to my FB page - note, you have "queues" where, I believe, you meant "cues". Took me a while, trying to think what queue the FB user would be in ;->
