| ||What's going on in this phishing page hosted on facebook.com?|
1 point by hnick 16 days ago | hide | past | favorite |
|I thought this was an interesting case of the importance of making user-generated content stand out.|
I was sent a phishing email and the shorter URL given was on facebook.com and it 301 redirected to the URL shown in the image: https://i.imgur.com/GQQW3TB.jpg
The bad grammar and the external link in the body which doesn't match the anchor text are clear signs of phishing, however this is hosted on facebook.com with no obvious decoration to indicate this is user generated content.
They've made the page image a blue shield, and the page name 'Details of Violation 2' which ends up making it all look very official while using FB's standard content layout. I'm somewhat impressed at their ingenuity, but clearly it's already been tried before or they wouldn't need the '2'. The body text seems to be setup in the 'Story' section under 'About.'
I think FB could probably do a bit better here though to make it clear that it's UGC. I reported it to FB and also Salesforce which was used to send the email.
| Apply to YC