Categories: Security

Is Facebook’s New Phishing Tool Effective?

With phishing scams continuing to rise in volume, Facebook is taking a stand and getting into the hacker fighting game by introducing a new tool that cracks down on malicious look-alike websites. The tool could be useful for stopping you from opening fake websites, but it may not do everything.

You still need a security app on your device to fully protect yourself from phishing scams. Download dfndr security and you can block phishing attempts by activating the anti-hacking feature. With advanced AI built in — this feature can block attacks coming from your web browser, SMS, or chat apps.

The Facebook phishing tool has some advantages, particularly in identifying homograph attacks. Uh, what are those you might ask?

Homograph Attacks
Some phishing attacks come in the form of a homograph attack. Hackers create websites with domain names that are almost identical to a brand name site, with the sole purpose of fooling someone and getting them to unknowingly input login credentials.

The only way to tell a site is fake is by examining the name of the site. A fake one usually has a letter or a punctuation mark out of place. Unless you’re watching closely, you could easily be fooled. This is where the Facebook tool comes in.

What the Tool Does
Named Certificate Transparency Monitoring, the tool is a Facebook-hosted application that any webpage owner can access for free with a Facebook account. The tool has been around since 2016 but it was recently updated it, allowing webmasters to detect homograph domains that are spoofs of their websites.

Webmasters add their domain to the tool’s dashboard which will scan the public Certificate Transparency (CT) logs. The logs have information about new domains that recently got an SSL certificate. The tool will then warn website owners about fake sites in the CT logs that use a similar name to theirs.

Will the Tool Help You Really?
As someone concerned about your security, the Facebook tool can help you identify phony websites, but in the end, it’s really for domain owners to suss out imposters. While the tool is useful, it will not actively block phishing scams lurking out there.

Once again, it’s wise to take security into your own hands, and have an antivirus app downloaded and ready to be your eyes and ears against hacking attempts.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.