Cyber Security Generals!

How to spot a phishing page of Facebook

by Mayank Verma on June 4, 2011


Phishing attacks usually come from email messages that attempt to lure the recipient into updating their personal information on fake, but very real-looking, websites. The whole look and feel of these websites matches the original, but there are a few things that we must check.



The real Facebook login page


The fake Facebook login page

See if you can spot the difference between real and fake pages.


Points discovered

1. The genuine login page calls itself “Log in” in its title bar. Amusingly, the real Facebook is inconsistent as to whether you “Log in” or “Login” to Facebook as later in the page it refers to “Facebook Login”. It’s odd to see a phishing page be more professional than the real thing.

2. That’s clearly not Facebook’s genuine URL.

3. The real page gives me more language options – including UK English and Welsh, which aren’t available on the phishing page. It’s possible that the real Facebook is doing some GeoIP lookups and has determined that I’m visiting from the UK – maybe users in other countries don’t see those options.

4. The phishers have the copyright date incorrect, believing it to be 2010 rather than 2011.

5. There are many more link options made available to me in the footer of the real login page, including “Badges”, “Mobile”, “People”, etc.
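
Of the five points, the URL in point 2 is the only one that does not depend on how carefully the page was copied. The JavaScript below is an added example, not code from the original post: it parses a URL the way a browser does and reports whether the host really belongs to facebook.com. The function name, the verdict strings and the sample URLs are constructed for illustration.

```javascript
// Added example, not from the original post. TRUSTED_DOMAIN, checkLoginUrl
// and every URL in SAMPLES are constructed for illustration.
const TRUSTED_DOMAIN = "facebook.com";

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser, the same rules a browser applies
  } catch (err) {
    return { genuine: false, host: null, reason: "not a parseable URL" };
  }
  // hostname is already lower-cased; IDN names come back in xn-- form
  const host = url.hostname.replace(/\.$/, "");
  const verdict = (genuine, reason) => ({ genuine, host, reason });

  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return verdict(false, "not a web URL");
  }
  if (url.username || url.password) {
    // Everything before "@" is user info, however much it resembles a host.
    return verdict(false, "text before @ is not the host");
  }
  // Only the right-hand end of the host decides who owns the page.
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return verdict(true, "host belongs to " + TRUSTED_DOMAIN);
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return verdict(false, "punycode name that is not " + TRUSTED_DOMAIN);
  }
  if (host.includes("facebook")) {
    return verdict(false, "brand name used inside another domain");
  }
  return verdict(false, "unrelated domain");
}

const SAMPLES = [
  "https://www.facebook.com/login.php",
  "http://www.facebook.com.login.example.net/login.php",
  "https://www.facebook.com@example.net/login.php",
  "https://www.f\u0430cebook.com/login.php", // Cyrillic "a" in the name
  "https://login.example.org/facebook.com/login.php",
];
for (const sample of SAMPLES) {
  const r = checkLoginUrl(sample);
  console.log(r.genuine ? "OK  " : "FAKE", r.host, "-", r.reason);
}
```

Only the first sample is reported as genuine; in the others the brand name appears in a subdomain label, the user-info part, a look-alike character or the path, none of which decides which server receives the password.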


