Attackers Re-create An Entire Facebook Site For Phishing

Most phishing sites consist of one login page with perhaps a few additional pages. However, I recently stumbled upon a Facebook phishing site which cloned all the facebook pages: About, Developers, Adverting, Sign up, etc. and even in all of the 64 languages the original site offers!

Fake Facebook login page

The domain of the phishing site is fersos.ru. hxxp://www.fersos.ru/ gives an error as you have to access it with hxxp://www.fersos.ru/index.html. The website is remarkably well done; all the controls are the same as Facebook.

Fake Facebook sign up page

There is also another Russian domain hosting the same "clone" of Facebook: baksko.ru.

These sites are not yet listed in Phishtank, and they are not blocked by Google SafeBrowsing.

-- Julien

Security Research
Insights and Research

Insights and Research

Attackers Re-create An Entire Facebook Site For Phishing

Author

Julien Sobrier

Recommended for You

2020: The State of Encrypted Attacks

Election 2020-themed scams and threat activities

APT-31 Leverages COVID-19 Vaccine Theme and Abuses Legitimate Online Services

The Formula for Flawless Data Protection

Stay up to date with the latest digital transformation tips and news.

By clicking the submit button, you are agreeing to our privacy policy.

Take the first steps on your transformation journey

English

Français

Deutsch

日本語

Subscribe and keep in touch with us!

By clicking the submit button, you are agreeing to our privacy policy.

©2008-2020 Zscaler, Inc. All rights reserved.