Phishing attack on Facebook leverages iframes



SearchSecurity.IN Staff

Social networking site Facebook was recently used to conduct a phishing attack, claims an alert from Websense Security Labs. The phishing attack displayed pages for various services and also redirected users to phishing pages hosted elsewhere. The following two emails provide a clearer picture of the phishing attack:

Like any other phishing attack, this email from Facebook Security asks the user to confirm his account. However, the phishing page is loaded from within the Facebook site using an iframe, which makes it appear legitimate.

The second email contains an additional URL at the, which redirects the user to another site with a phishing page.

Because both emails point to valid Facebook URLs, it is difficult for the user to spot the phishing attack. The valid links also make it harder for anti-spam and Web filtering products to protect users, as they classify content based on URL filtering.
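The gap described above, shown from the filter's side in an added example (not code from Websense or from the original article): a verdict based only on the link's host allows the page, while a check that also resolves the page's iframe sources flags content loaded from another site. The page URL, the hosts and the HTML are constructed placeholders, and the names `on_site`, `external_frames` and `verdicts` are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

TRUSTED_SITE = "facebook.com"  # the trusted site named in the article

def on_site(url, site=TRUSTED_SITE):
    """True if the URL's host is the site itself or one of its subdomains."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host == site or host.endswith("." + site)

class FrameCollector(HTMLParser):
    """Collects the src of every <iframe>/<frame> element in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("iframe", "frame") and src:
            self.sources.append(src.strip())

def external_frames(page_url, html, site=TRUSTED_SITE):
    """Frame sources that a page on the trusted site loads from other sites."""
    collector = FrameCollector()
    collector.feed(html)
    # Resolve relative and protocol-relative sources against the page URL.
    resolved = [urljoin(page_url, src) for src in collector.sources]
    return [u for u in resolved if not on_site(u, site)]

def verdicts(page_url, html, site=TRUSTED_SITE):
    """Compare a URL-only verdict with one that also inspects framed content."""
    url_only = "allow" if on_site(page_url, site) else "review"
    framed = external_frames(page_url, html, site)
    content_aware = "review" if (url_only == "review" or framed) else "allow"
    return url_only, content_aware, framed

# Constructed sample: hypothetical page URL and hosts, not taken from the alert.
SAMPLE_URL = "https://apps.facebook.com/hypothetical-app/"
SAMPLE_HTML = """
<iframe src="/hypothetical/widget"></iframe>
<iframe src="//static.facebook.com/hypothetical"></iframe>
<iframe src="https://facebook.com.account-confirm.example/login"></iframe>
"""

if __name__ == "__main__":
    print(verdicts(SAMPLE_URL, SAMPLE_HTML))
```

The third frame uses a lookalike host that begins with the trusted name; the suffix comparison in `on_site` treats it as external.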

The link below redirects to the video of the phishing attack on Facebook, which shows a variant that looks like a Zynga account notification.

Advanced Classification Engine