A new SSO Facebook phishing scheme is making its way around the internet and it’s so diabolical, it could fool just about anyone…
There’s nothing new about phishing — ways to trick people into giving up personal information for nefarious purposes. But, it’s becoming more creative all the time. The latest trick involves a SSO Facebook phishing scheme and it’s quite convincing.
New Single Sign-On Facebook Phishing Scheme Hits the Internet
Single sign-on, or SSO, is a common tool used around the web to give people the ability to access different sites through one set of credentials.
These are very familiar, usually asking folks to sign-in or sign-up on third-party sites using their Facebook, Google, LinkedIn, or Twitter username and passwords. It’s very convenient, since people don’t have to create whole new usernames and passwords.
But, it comes with a huge downside. Once bad actors gain access to said credentials, they immediately have access to that user’s accounts.
It also means websites don’t have to go through the trouble of maintaining their own systems. Instead, they just use what’s known as an API or application programming interface, that’s supplied by another site.
Researchers at Myki recently discovered a new SSO Facebook phishing scheme. And, it looks very much like the real Facebook SSO interface.
However, it doesn’t even run the Facebook API. In fact, it doesn’t interact with the social network in any way at all. It merely exists to steal usernames and passwords.
This is just another reminder to always exercise caution, even when casually browsing about the internet.