Attackers Re-create An Entire Facebook Site For Phishing

Most phishing sites consist of one login page with perhaps a few additional pages. However, I recently stumbled upon a Facebook phishing site which cloned all the facebook pages: About, Developers, Adverting, Sign up, etc. and even in all of the 64 languages the original site offers!

Fake Facebook login page

The domain of the phishing site is fersos.ru. hxxp://www.fersos.ru/ gives an error as you have to access it with hxxp://www.fersos.ru/index.html. The website is remarkably well done; all the controls are the same as Facebook.

Fake Facebook sign up page

There is also another Russian domain hosting the same "clone" of Facebook: baksko.ru.

These sites are not yet listed in Phishtank, and they are not blocked by Google SafeBrowsing.

-- Julien

Insights and Research

Attackers Re-create An Entire Facebook Site For Phishing

Author

Julien Sobrier

Recommended for You

Joker Joking in Google Play

IoT in the Enterprise Report: Empty Office Edition

Targeted Attack on Government Organizations Delivers Netwire RAT

ThreatLabZ June 2021 Report: Deconstructing Kaseya Supply-Chain Attack and the Minebridge RAT Campaign

Stay up to date with the latest digital transformation tips and news.

By submitting the form, you are agreeing to our privacy policy.

Take the first steps on your transformation journey

English

Français

Deutsch

日本語

Subscribe and keep in touch with us!

By submitting the form, you are agreeing to our privacy policy.

©2008-2021 Zscaler, Inc. All rights reserved.