Phishers’ Fake Security App for Facebook

Contributor: Avdhoot Patil

Fake social media applications in phishing sites are not uncommon. Phishers continue to devise new fake apps for the purpose of harvesting confidential information. In December 2012, a phishing site (spoofing Facebook) claimed to have an application to secure Facebook accounts from being hacked. The phishing site was hosted on a free Web-hosting site.

The phishing site required users to enter their Facebook login credentials to gain access to the fake security app. In addition to their Facebook login credentials, users must enter a confirmation code generated by clicking a button. Phishers likely believe asking users to enter a confirmation code and stating that it is certified while displaying a fake Facebook stock certificate will make this fake app page seem more authentic. Still, it is hard to understand how a sample stock certificate has any relevance to security on Facebook.

Figure 1. Fake app requests user login credentials with Facebook stock certificate

Even though these tricks may add some air of authentication to this phishing page, the phishers still do a poor design job: the confirmation code generated here, for instance, is always “7710” for any number of attempts.

Figure 2. Fake app requests 7710 confirmation code

After the user enters the code, the phishing site confirms the request to access the app with the message "Thank you For using this Service" and further claims "Your Facebook account will be secure in 24 hours time".

Figure 3. Fake app confirms installation

Of course, the 24 hour wait mentioned is just a time-buying strategy to avoid any early user suspicion. If users got this far and fell victim to the phishing site, phishers would have successfully stolen their information for identity theft.

Internet users are advised to follow best practices to avoid phishing attacks:

  • Do not click on suspicious links in email messages
  • Do not provide any personal information when answering an email
  • Do not enter personal information in a pop-up page or screen
  • Ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar when entering personal or financial information
  • Update your security software (such as Norton Internet Security 2012) frequently
  • Report fake websites and email (for Facebook, send phishing complaints to [email protected])

Troux Worldwide Conference 2013

Troux WWC 2013

The Troux Worldwide Conference is returning to Austin, Texas on March 19-20, 2013. If you are a Troux customer, partner, or actively involved in Enterprise Architecture (EA) or Enterprise Portfolio Management (EPM), this is your opportunity to enjoy peer networking and joint learning with a focus on delivering rapid results with Troux EPM solutions.

I found this to be a very powerful conference with a great line up of speakers, topics and networking opportunties that isn't just a bunch of folks drinking the Troux "Kool-Aid" but a sharing of real life solutions in Enterprise Architecture. 

For more information: 

Below is from the Troux:

Why attend?

The 2013 conference will build on the success of last year's conference, including:

  • Industry-leading speakers – last year’s event featured over 30 guest speakers, including: Angela Yochem, CTO at AstraZeneca; Mike Walker, Principal Architect at Microsoft; Jason Scarlett, Chief Architect at CPS Energy; and Russ Conway, Director of EA at Cisco Systems, Inc.
  • Real world case studies - Troux customers share their experiences and discuss trends, challenges, and solutions that are helping them strategically manage IT
  • Best practices forum - practical advice on popular topics, such as how to start small; speaking the language of business; and how to track and market your success

Hear our speakers share their passion for forging the connection between IT and the business.

Get Invited

Troux hosted more than 350 customers and industry experts in 2012. Space is limited, so use the form to request your invitation now.

Interested in presenting your success story? Please contact us! Our call for papers closes on January 18, 2013

How to bring down mission-critical GPS networks with $2,500

Enlarge / The phase-coherent signal synthesizer with its top cover removed. The $2,500 device can be used to severely disrupt mission-critical GPS equipment used by the military and private industry.

Scientists have devised a series of novel and inexpensive attacks that can severely disrupt mission-critical global positioning systems relied on by the military and a variety of industrial players, including airlines, mining companies, and operators of hydroelectric plants and other critical infrastructure.

Unlike previous GPS attacks, the one developed by a team of scientists from Carnegie Mellon University and a private navigation company exploits software bugs in the underlying receivers. That allows the attacks to be stealthier and more persistent than earlier exploits, which primarily relied on signal jamming and spoofing. Prototype hardware that cost only $2,500 to build is able to cause a wide variety of GPS devices within a 30 mile radius to malfunction. Because many of those devices are nodes on special networks that make GPS signals more precise, the attacks have the effect of disrupting larger systems used in aviation, military, and critical infrastructure.

The PCSS, or phase-coherent signal synthesizer, that they developed simultaneously receives and transmits civil GPS signals. It carries out many of the same things done by spoofers used in earlier GPS attacks. But instead of merely providing false information designed to compromise the accuracy of the GPS readings, it includes data that exploits weaknesses in the firmware of nearby receivers, many of which use the Internet to share their readings with other machines. The success of the PCSS is the result of an almost complete lack of authentication in the devices that send and receive GPS signals.

Read 11 remaining paragraphs | Comments