Zscaler Data Protection Recognized as a 2023 Product of the Year by CRN

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

Facebook Phishing: Manual Session Hijacking

August 14, 2013 - 2 min read
We have reported a number of Facebook phishing pages and scams on this blog. Attackers always come up with clever ideas to fool users in order to obtain their credentials. One of these phishing tricks is a "poor-man" session hijacking attack whereby the user is fooled into copying and pasting a Facebook URL containing the session ID or other credentials into a malicious page. I'll describe such an example that I spotted this past weekend.

The phishing page starts with the usual bait, a video. This time, no sex, but instead an opportunity to watch "Jackie Chan died after perfecting a deadly stunt. Jackie Chan falls from a building of 12 floors."
Jackie Chan died!
The user must click to verify his age, another common trick to get users to click on the page. This displays a list of steps to "verify your age" which involve clicking on another link, copying a link from the window opened, and submitting the data.
Steps to "verify" the user age
The new window points to Facebook. The window is too small for the user to understand what he is copying. Also, instead of opening a page, the URL used is "view-source:https://www.facebook.com...". This makes it one step harder for the user to understand that the window displays a page from Facebook.
Popup window open by the phishing page
When the user copies and pastes their Facebook URL into the 3rd party web page, they're also sending their authentication token used share content. Once this is done, the scammer can now post content on the user's behalf.

Fortunately, Facebook reacted quickly to this particular scam. The Facebook  popup is not valid anymore and it shows the following warning:
Warning from Facebook
When subsequently logging into Facebook after viewing the scam, I also received a warning about phishing pages:
Warning about phishing pages

It looks like Facebook has reacted much faster than they have in the past and added additional warnings for end users. I was asked by Facebook to review my timeline for any suspicious activating just after I logged in. Hopefully more Facebook users will learn about these phishing techniques and will be able to spot them early on.
form submtited
Thank you for reading

Was this post useful?

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.