Phishing attack on Facebook leverages iframes

Popular social networking site Facebook is being used for phishing attacks and open redirects, claims Websense Security Labs.

Social networking site Facebook was recently used to conduct a phishing attack, claims an alert from Websense Security Labs. The phishing attack displayed pages for various services and also redirected users to phishing pages hosted elsewhere. The following two emails provide a clearer picture of the phishing attack:


Like any other phishing attack, this email from Facebook Security asks the user to confirm his account. However, the phishing page is loaded inside the Facebook site using an iframe, which makes it appear legitimate.


The second email contains an additional URL at the, which redirects the user to another site with a phishing page.

Because both emails point to valid Facebook URLs, it is difficult for the user to spot the phishing attack. The valid links also make it harder for anti-spam and Web filtering products to protect users, as they classify content based on URL filtering.
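The filtering gap described above can be narrowed for the redirect variant by classifying a link on the destination it carries, not only on its host. The sketch below is an added example, not code from Websense or from this article; the allow-listed suffix, the sample URLs and their parameter names are constructed, and it does not cover the iframe variant, where the phishing content is rendered inside the trusted page.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: the filter treats these host suffixes as trusted.
TRUSTED_SUFFIXES = ("facebook.com",)

def host_matches(host, suffixes):
    """True if host equals a suffix or is a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def embedded_urls(url, max_depth=3):
    """Yield absolute http(s) URLs carried in query values, following nesting."""
    if max_depth == 0:
        return
    for _, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        candidate = value
        for _ in range(2):  # the value may be percent-encoded a second time
            parts = urlsplit(candidate)
            if parts.scheme in ("http", "https") and parts.hostname:
                yield candidate
                yield from embedded_urls(candidate, max_depth - 1)
                break
            candidate = unquote(candidate)

def classify(url):
    """Return (verdict, off-site destinations) for a link found in an email."""
    if not host_matches(urlsplit(url).hostname, TRUSTED_SUFFIXES):
        return "untrusted-host", []
    offsite = [u for u in embedded_urls(url)
               if not host_matches(urlsplit(u).hostname, TRUSTED_SUFFIXES)]
    verdict = "trusted-host-offsite-redirect" if offsite else "trusted-host"
    return verdict, offsite

# Constructed sample links; paths and parameter names are hypothetical.
SAMPLES = [
    "https://www.facebook.com/profile.php?id=1",
    "https://www.facebook.com/hypothetical-redirect?dest=http%3A%2F%2Flogin.phish.example%2Fconfirm",
    "https://apps.facebook.com/hypothetical-app?go=https%253A%252F%252Fphish.example%252F",
    "https://facebook.com.phish.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(classify(link), link)
```

A link flagged `trusted-host-offsite-redirect` should then be scored on the reputation of the extracted destination as well as that of the host that carries it.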

The link below redirects to the video of the phishing attack on Facebook, which shows a variant that looks like a Zynga account notification.

Advanced Classification Engine
