Phishing attacks usually come from email messages that attempt to lure the recipient into updating their personal information on fake, but very real-looking, websites. The whole look and feel of these websites matches the original, but there are a few things that we must check.
Actual Login Page: Facebook
See if you can spot the difference between real and fake pages.
1. The genuine login page calls itself “Log in” in its title bar. Amusingly, the real Facebook is inconsistent as to whether you “Log in” or “Login” to Facebook as later in the page it refers to “Facebook Login”. It’s odd to see a phishing page be more professional than the real thing.
2. That’s clearly not Facebook’s genuine URL.
3. The real page gives me more language options – including UK English and Welsh which aren’t available on the phishing page. It’s possible that the real Facebook is doing some GEO-IP lookups and determined that I’m visiting from the UK – maybe users in other countries don’t see those options.
4. The phishers have the copyright date incorrect, believing it to be 2010 rather than 2011.
5. There are many more link options made available to me in the footer of the real login page, including “Badges”, “Mobile”, “People”, etc.
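Of the checks above, the URL in item 2 is the only one that does not depend on how the page looks. The following is an added example, not part of the original post, of testing a link's host against an allow-list; the `checkLoginUrl` helper, the allow-list and every sample URL are constructed for illustration.

```javascript
// Added example: decide whether a login link really points at the expected site.
// TRUSTED_DOMAINS and all sample URLs are constructed for illustration.
const TRUSTED_DOMAINS = ["facebook.com"];

function checkLoginUrl(rawUrl, trusted = TRUSTED_DOMAINS) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG URL parser, the same rules browsers apply
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not-https" };
  }
  // Text before '@' is userinfo, not the host, however much it looks like one.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo-present" };
  }
  // hostname is already lower-cased; drop a trailing root dot before comparing.
  const host = url.hostname.replace(/\.$/, "");
  // Internationalised (possibly lookalike) names are serialised as xn-- labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode-label" };
  }
  // Compare on a label boundary: the exact domain or a true subdomain of it.
  const match = trusted.some((d) => host === d || host.endsWith("." + d));
  return match
    ? { ok: true, reason: "trusted-host" }
    : { ok: false, reason: "untrusted-host" };
}

// Constructed sample links, one per failure mode.
const samples = [
  "https://www.facebook.com/login.php",
  "http://www.facebook.com/login.php",
  "https://facebook.com.login.example/",         // trusted name used as a prefix
  "https://www.facebook.com@login.example/",     // trusted name in userinfo
  "https://constructed-sample-notfacebook.com/", // suffix without a label boundary
  "https://xn--bcher-kva.example/",              // generic IDN host
];
for (const s of samples) {
  const r = checkLoginUrl(s);
  console.log(`${r.ok ? "OK    " : "REJECT"} ${r.reason.padEnd(16)} ${s}`);
}
```

The decision rests only on the parsed scheme and hostname, so a pixel-perfect copy of the page served from another host is still rejected.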