Facebook's phishing detection tool, Certificate Transparency Monitoring, can now identify homograph attacks. Any website owner can register for the service for free using their Facebook account.
Facebook's Phishing Detection Tool Can Identify Homograph Attacks
Webmasters add their domains to the dashboard, and Facebook's tool scans the public Certificate Transparency (CT) logs on their behalf.
CT logs record recently issued SSL/TLS certificates for domains, and browsers will soon require certificates to be logged in them.
Facebook's tool alerts website owners whenever a newly logged certificate covers a domain whose name resembles theirs.
Facebook released its phishing detection tool in 2016 on the hypothesis that someone who obtains an SSL certificate for a domain resembling another domain is likely preparing a phishing attack to harvest account credentials or financial information.
If you've heard of Phishing, you've probably also heard of Pharming, one of the methods hackers commonly use to attack your devices. If you're still unsure, you can read more about Pharming here.
Support for homograph attacks (homoglyph attacks)
Today, Facebook updated its Certificate Transparency Monitoring tool with new features to detect a class of phishing attacks that has become increasingly common in recent years.
This attack is called an 'IDN homograph attack' and involves registering domains that contain non-standard Unicode characters.
For instance, an attacker might register coịnbạse.com, which at a glance looks like the genuine domain. Only on closer inspection do you notice the small dots beneath the 'i' and 'a' characters. Such attacks have become quite prevalent in recent years.
With homograph detection added, the Certificate Transparency Monitoring tool can also flag other look-alike domain names: combinations of words (such as helpdesk-facebook[.]com), common misspellings (faecbook[.]com), and nested domains that hide the actual domain (such as facebook[.]com.long.subdomain.that.will.not.be.fully.shown.on.mobile.devices.com).
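The detection categories described above (homographs, word combinations, misspellings and nested subdomains) can be illustrated with a small classifier that takes a hostname as it would appear in a CT log entry and compares it with a monitored domain. This is an added example, not Facebook's code, and its matching rules are assumptions: the confusables table is a tiny constructed subset of the Unicode confusables data, the registrable name is taken naively as the last two labels (a real deployment would use the Public Suffix List), and the similarity threshold for misspellings is an arbitrary choice.

```python
"""Classify hostnames from CT log entries as look-alikes of a monitored domain (added example)."""
import unicodedata
from difflib import SequenceMatcher
from typing import Optional

# Constructed subset of Unicode confusables (Cyrillic look-alikes, dotless i, palochka);
# the real confusables table is far larger. Assumption for illustration only.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u04cf": "l", "\u0131": "i", "\u0142": "l",
}


def to_unicode_host(host: str) -> str:
    """Decode punycode labels (xn--...) the way they appear in CT log entries."""
    host = host.strip().lower().rstrip(".")
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except (UnicodeError, ValueError):
                pass  # leave undecodable labels untouched rather than fail the scan
        labels.append(label)
    return ".".join(labels)


def skeleton(label: str) -> str:
    """Reduce a label to plain letters: decompose accents, drop combining marks, map confusables."""
    out = []
    for ch in unicodedata.normalize("NFKD", label):
        if unicodedata.combining(ch):
            continue  # drops the dot below in 'ị' and 'ạ'
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)


def classify(candidate: str, monitored: str) -> Optional[str]:
    """Return 'homograph', 'nested', 'combination', 'typo', or None for the candidate hostname."""
    cand = to_unicode_host(candidate)
    mon = monitored.lower()
    mon_name = mon.split(".")[0]                  # brand label, e.g. "facebook"
    if cand == mon or cand.endswith("." + mon):
        return None                               # the real domain or a legitimate subdomain
    labels = cand.split(".")
    reg_name = labels[-2] if len(labels) >= 2 else labels[0]   # naive registrable label
    # 1. Homograph: identical once normalised, but not byte-identical (e.g. coịnbạse)
    if reg_name != mon_name and skeleton(reg_name) == mon_name:
        return "homograph"
    # 2. Nested: brand appears in a subdomain label of an unrelated registrable domain
    if any(mon_name in label for label in labels[:-2]):
        return "nested"
    # 3. Combination: brand embedded with extra words (e.g. helpdesk-facebook)
    if mon_name in reg_name:
        return "combination"
    # 4. Typo: close in edit similarity (threshold is an assumption)
    if SequenceMatcher(None, skeleton(reg_name), mon_name).ratio() >= 0.8:
        return "typo"
    return None


if __name__ == "__main__":
    # Constructed sample of hostnames as a CT log monitor might surface them
    samples = [
        ("co\u1ecbnb\u1ea1se.com", "coinbase.com"),
        ("helpdesk-facebook.com", "facebook.com"),
        ("faecbook.com", "facebook.com"),
        ("facebook.com.long.subdomain.that.will.not.be.fully.shown.on.mobile.devices.com", "facebook.com"),
        ("www.facebook.com", "facebook.com"),
    ]
    for host, mon in samples:
        print(f"{host!r:80} -> {classify(host, mon)}")
```

In practice the candidate names would come from a CT log feed rather than a hard-coded list, and every non-None result would be turned into an alert for the domain owner to triage.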
The tool also sends alerts via email
Facebook has also added email alerts: domain owners are notified when a suspected fraudulent domain appears in the CT logs.
According to earlier reports and surveys, phishing attacks are most effective in the first few hours after a campaign begins, so users who receive an alert should act as quickly as possible to head off a potentially serious security incident.
Once domain owners have identified a fraudulent domain, they can ask the certificate authority to revoke its certificate, ask browser vendors to blacklist the domain, ask the domain registrar to suspend it, and warn their users about the impending attack.
Webmasters who don't have a Facebook account can use alternatives such as Certstreamcatcher, or other CT log monitors such as Cert Spotter, although these do not alert on look-alike domains the way Facebook's tool does.
To secure their own Facebook accounts, users should enable Facebook two-factor authentication, which works much like Gmail's two-factor authentication. Enabling it with a phone number helps prevent unauthorized access to your account.
There are many other ways to protect your Facebook account, one of which is keeping your account information accurate and tied to you, since that information (your ID card, for example) is what Facebook relies on when verifying your identity. You can read more about protecting your Facebook account here.