
Phishing Attacks via Google translate - wglb
https://blogs.akamai.com/sitr/2019/02/phishing-attacks-against-facebook-google-via-google-translate.html
======
mintplant
> However, like the Google page, this Facebook landing page also uses an older
> version of the mobile login form. This suggests that the kit is old, and
> likely part of a widely circulated collection of kits commonly sold or
> traded on various underground forums.

This is actually the current design of the
[https://mbasic.facebook.com](https://mbasic.facebook.com) login page, the
version of the Facebook mobile site for lower-bandwidth connections and less-
capable devices.

------
Andre607
> One interesting side note relates to the person driving these attacks, or at
> the least the author of the Facebook landing page - they linked it to their
> actual Facebook account, which is where the victim will land should they
> fall for the scam.

Is this based on any evidence or just an assumption? It seems to me that the
'actual Facebook account' could just as readily be either a random or
intentional framing of someone else by the one(s) doing the phishing attack or
the page designer, in which case it would appear that it worked perfectly in
that it apparently convinced Akamai.

------
howard941
I wonder what motivated the article's author to redact the scammer's email
address.

~~~
Andre607
> I wonder what motivated the article's author to redact the scammer's email
> address.

This is good practice to prevent the possibility of revictimization in case
the actual motive of the phishing attack was not phishing but to cause
reputational damage to the owner of said email.

Consider: if someone wanted to target you and cause you potential legal and
employment difficulties, they could launch a phishing attack using amateur
code such as this, and have your work email appear as the "scammer's email",
and then sit back and wait for the attack to be discovered and reported.

And even if not a reputation attack, the scammer could also simply be using a
compromised email account, so once again redaction helps preempt the
possibility of revictimization.

------
cryptosteve
The best defense is a good offense. That means taking your time and examining
the message fully before taking any actions. Does the from address match what
you're expecting? Does the message create a curious sense of urgency, fear, or
authority, almost demanding you do something? If so, those are the messages to
be suspicious of, and the ones most likely to result in compromised accounts.
This is why I never open links directly from an email.
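The two checks cryptosteve describes (does the From address match, and where does a link actually go) can be run mechanically over a message before anyone clicks. The following is an added example, not code from this thread or from the Akamai write-up. It assumes the Google Translate proxy URL shape translate.google.com/translate?...&u=<target>, which is how the translate front end wraps a third-party page; the sample message, sender address and host names below are constructed for illustration and are not taken from the article.

```python
"""Flag deceptive links and sender domains in an HTML e-mail body.

Added example for the discussion above. The Google Translate unwrapping
assumes the proxy form translate.google.com/translate?u=<target>; all
sample data is constructed, not taken from a real phishing message.
"""
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import parse_qs, unquote, urlsplit

# Hosts of Google's translate proxy (assumption: these are the wrapper hosts).
TRANSLATE_HOSTS = {"translate.google.com", "translate.googleusercontent.com"}

# Anchor text that looks like a URL or bare host name, e.g. "www.facebook.com/login".
_HOSTLIKE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/?#].*)?$", re.I)


def effective_host(url: str) -> str:
    """Return the host that really serves the page a link leads to.

    A link routed through Google Translate carries the real destination in
    its `u=` query parameter; unwrap it (recursively, in case the wrapper is
    nested) so the proxy's reputation is not credited to the phishing host.
    """
    parts = urlsplit(url.strip())
    host = parts.hostname or ""
    if host in TRANSLATE_HOSTS:
        target = parse_qs(parts.query).get("u", [""])[0]
        if target:
            return effective_host(unquote(target))
    return host.lower()


def sender_domain(from_header: str) -> str:
    """Domain of the address in a From: header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def shown_host(text: str) -> str:
    """Host a user would read in the visible link text, or '' if it is not URL-like."""
    m = _HOSTLIKE.match(text.strip())
    return m.group(1).lower() if m else ""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html: str, expected_hosts):
    """Return (href, text, reasons) for links whose real destination is not an
    expected host, or whose visible text names a different host than the target."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real = effective_host(href)
        shown = shown_host(text)
        reasons = []
        if real and not any(real == h or real.endswith("." + h) for h in expected_hosts):
            reasons.append(f"destination {real} is not an expected host")
        if shown and shown != real:
            reasons.append(f"text shows {shown} but link goes to {real}")
        if reasons:
            findings.append((href, text, reasons))
    return findings


# Constructed sample message: one link hidden behind the translate proxy,
# one legitimate link. The phishing host is a reserved .invalid name.
SAMPLE_FROM = '"Facebook" <security@faceb00k-alerts.invalid>'
SAMPLE_EMAIL = """
<p>Suspicious sign-in attempt. Review it now:</p>
<a href="https://translate.google.com/translate?hl=en&amp;sl=auto&amp;tl=en&amp;u=http%3A%2F%2Fexample-login.invalid%2Ffb%2F">https://www.facebook.com/login</a>
<a href="https://www.facebook.com/help">Help Center</a>
"""

if __name__ == "__main__":
    print("sender domain:", sender_domain(SAMPLE_FROM))
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL, {"facebook.com"}):
        print(text, "->", href)
        for r in reasons:
            print("   ", r)
```

On the constructed sample the first link is flagged twice (its unwrapped destination is not facebook.com, and the visible text names a host the link does not go to), while the Help Center link passes. The sender check is only a first filter: a compromised or look-alike domain can pass it, which is why the link destination is checked independently.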

~~~
gouggoug
You could explain this over and over to my 65 year old parents, they still
would fall for it. They're far from dumb, it's just that it's a lot of
information to handle.

~~~
seth__
One solution is to set up a free LastPass account, change all the passwords to
something random and only use autofill. They have to go out of their way to
enter the password into another domain.

Sucks if they want to log in using a new or borrowed device

~~~
bonestamp2
I've got my mom using an iPad which also reduces the attack surface, not to
mention it's pretty hard for her to screw up the device on her own. I haven't
had to help with anything computer related in about 4 years.

