By: Julien Sobrier

Attackers Re-create An Entire Facebook Site For Phishing

Uncategorised

Most phishing sites consist of one login page with perhaps a few additional pages. However, I recently stumbled upon a Facebook phishing site which cloned all the facebook pages: About, Developers, Adverting, Sign up, etc. and even in all of the 64 languages the original site offers!

Fake Facebook login page
The domain of the phishing site is fersos.ru. hxxp://www.fersos.ru/ gives an error as you have to access it with hxxp://www.fersos.ru/index.html. The website is remarkably well done; all the controls are the same as Facebook.

Fake Facebook sign up page

There is also another Russian domain hosting the same "clone" of Facebook: baksko.ru.

These sites are not yet listed in Phishtank, and they are not blocked by Google SafeBrowsing.

-- Julien

Learn more about Zscaler.