Attackers Re-create An Entire Facebook Site For Phishing

Most phishing sites consist of one login page with perhaps a few additional pages. However, I recently stumbled upon a Facebook phishing site which cloned all the facebook pages: About, Developers, Adverting, Sign up, etc. and even in all of the 64 languages the original site offers!

Fake Facebook login page

The domain of the phishing site is fersos.ru. hxxp://www.fersos.ru/ gives an error as you have to access it with hxxp://www.fersos.ru/index.html. The website is remarkably well done; all the controls are the same as Facebook.

Fake Facebook sign up page

There is also another Russian domain hosting the same "clone" of Facebook: baksko.ru.

These sites are not yet listed in Phishtank, and they are not blocked by Google SafeBrowsing.

-- Julien

Security Research
Insights and Research

Insights and Research

Attackers Re-create An Entire Facebook Site For Phishing

Author

Julien Sobrier

Recommended for You

A look at HydroJiin campaign

Android apps targeting JIO users in India

Ares Malware: The Grandson of the Kronos Banking Trojan

Low-volume multi-stage attack leveraging AzureEdge and Shopify CDNs

Stay up to date with the latest digital transformation tips and news.

By clicking the submit button, you are agreeing to our privacy policy.

Take the first steps on your transformation journey

English

Français

Deutsch

日本語

Subscribe and keep in touch with us!

By clicking the submit button, you are agreeing to our privacy policy.

©2008-2021 Zscaler, Inc. All rights reserved.