Facebook’s Tool to help developers protect their domains from Phishing attacks

Phishing is the attempt to obtain sensitive information such as usernames and passwords, or credit card details (bank details), while disguising as a trustworthy entity for malicious reasons by hackers.

It's a growing threat which the social media have been at the worst hit side, but now Facebook wants to fight the menace — and so has launched a new tool to help developers protect their domains from possible phishing attacks.

While web browsers will display sites with TLS certificates as secure, but nowadays phishing websites also take advantage of this to appear safe to unsuspecting users. The phishing sites uses TLS certificates, which are used to form an encrypted connection, with the sole aim to deceive.

According to Facebook, “phishing website can look identical to the real website in an attempt to fool people into giving up their personal information.”

Facebook's alert system will be added to its Certificate Transparency Monitoring Tool, which will notify developers whenever certificates are registered for domains that are used in phishing attacks against them.

And developers can report phishing sites trying to impersonate their domains to domain registrars, browsers' vendors, or ask the certificate authorities to revoke their certificates. Additionally, it can notify subscribers of the tool for the legitimate domain by sending email, push, or on-site notifications, depending on their preference.

Facebook aims to effectively shut down bad domains that are created solely to trick people, and enable legitimate website owners to protect their sites and help prevent web surfers from falling for the scams.
Next Post »