Facebook Helps Website Owners Detect Phishing Scams

Facebook announced that it is extending the capabilities of its Certificate Transparency Monitoring tool to make it easier for developers to catch phishing scams using their domains. 

Phishing scams are an annoying part of life on the Internet, and they are getting more and more sophisticated, leading to more people falling for them every day. As they are shut down, scammers are constantly finding new ways to deceive. Here are a few examples, using the Facebook.com domain.

1. Scammers could use different characters to make a “construct a malicious domain that looks similar to a legitimate domain.” This is what’s called a “homograph attack.” For example,
   • faceb00k[.]com: the letter “o”s in “facebook” are replaced by the number “zero”
   • facebook[.]com: the letter “о” is actually the Cyrillic small letter “o” (0x43E), not the Latin “o” (0x6F)
2. They could “combine recognisable brand names with other keywords to create fake domains.” This is what’s called “combo squatting.” For example,
   • helpdesk-facebook[.]com
   • facebook[.]com-legit.com
3. They could “take advantage of small screens on mobile devices which cannot display the full domain.” For example,
   • facebook[.]com.long.subdomain.that.will.not.be.fully.shown.on.mobile.devices.com
4. They could use common misspellings or typos, aka “typo-squatting”
   • faecbook[.]com
   • faceboook[.]com

To make the domains look more legit, scammers will even get valid security certificates, to trick browsers into showing the “secure” indicator padlock. Thus, it’s not enough to check whether a site has https nowadays, before entering personal details like address, credit card numbers etc.

In a post this week, Facebook engineers David Huang, Bartosz Niemczura and Amy Xu announced that the company is extending the capabilities of its Certificate Transparency Monitoring tool so that website owners can be notified when domains are “maliciously created to implement phishing attacks” at their expense.

The tool will monitor when certificates are issued for a domain and notify owners or the rightful domain of a potential scam, so that they can take action fast, and protect their users.

As the engineers explain, “every time a new certificate appears in any public Certificate Transparency Log, our tool analyzes the domains specified by the certificate for phishing attempts by taking into consideration the most common spoofing techniques.” The tool can notify subscribers by “email, push, or on-site notifications, depending on their preference.” All you have to do to enable your free phishing domain monitoring service visit: developers.facebook.com/tools/ct/subscriptions

Finally, Facebook is also extending its Webhook API to allow developers integrate the phishing detection feature into their own systems. Simply follow the steps described in the documentation to set it up.

You might also like

AI Facebook Featured Instagram Social Media

Meta Prepares To Launch AI Personas To Retain And Engage Users

August 7, 2023

Facebook Featured Social Media

Facebook Probably Owes You Money

April 17, 2023

Facebook Featured Instagram

Meta Verified Service Goes Live In The US

March 17, 2023

More from Facebook

Meta Is Killing Its Messenger For Apple Watch App

Posted On May 11, 2023 Geoff Desreumaux 0

Meta announced it will remove the Messenger for Apple Watch app on May 31 “After May 31st, Messenger won’t be available …

Facebook And Instagram Start Selling Blue Checks With Meta Verified

Posted On February 20, 2023 Geoff Desreumaux 0

Meta Verified will give you a blue check badge on both Facebook and Instagram, along with other benefits for $12 …

Meta Brings Back #BuyBlack Friday For A Third Year

Posted On November 16, 2022 Geoff Desreumaux 0

Meta is bringing back #BuyBlack Friday for a third consecutive year in North America. Meta emphasized the importance of the Holiday …

Facebook Is Giving You More Controls Over What You See On Your Feed

Posted On October 6, 2022 Geoff Desreumaux 0

Facebook is introducing new "show more" and "show less" controls to let you adjust what you want to see on …

Meta Introduces Facebook Reels API, Offering An Option To ‘Share To Reels’

Posted On September 20, 2022 George Carey-Simos 0

Meta has introduced the Facebook Reels API, a solution allowing developers to build a 'share to reels' option into their …

Facebook Gets Into Delivery With DoorDash Partnership

Posted On August 18, 2022 Geoff Desreumaux 0

DoorDash is partnering with Meta to pilot Facebook Marketplace deliveries across multiple cities in the U.S. Drivers will only transport items …

Meta Rolls Out Horizon Worlds In France And Spain

Posted On August 17, 2022 Geoff Desreumaux 0

Meta Horizon Worlds, the VR community and game, is now available in France and Spain.

Meta Refreshes Facebook Groups With New Features

Posted On April 6, 2022 Staff 0

Facebook Groups now have an updated invitation system to reduce admin workloads and limit sharing of misinformation.

Meta Offers Digital Security Course For Journalists And Human Rights Defenders

Posted On April 1, 2022 Staff 0

The Meta Journalism Project and the ICFJ have put together a self-paced 90-minute course and webinars to provide online safety …