zvelo detects malicious websites, which includes fraudulent phishing websites.
One such phishing website is:
http://facebook[dot]com.accounts.login.userid.504393.hoob2.pw/win/fbm/
It resembles the legit Facebook log-in page (see image below). Within one hour of monitoring the phishing campaign, 483 URLs were detected leveraging the same web page template, layout, content and call-to-action.
Caption: Example of a fraudulent Facebook log-in website detected used for phishing
If log-in credentials are entered, that information will be saved by the scammer(s) behind the fraudulent phishing websites and end-users are then directed to: https://www.facebook[dot]com/4oh4.php or http://youtube[dot]com
Based on the URL pattern, all of the bogus Facebook phishing websites detected have a subdomain with the following format:
facebook[dot]com.accounts.login.userid.[6 numbers].[domain]
The domain is either hoob2.pw or unsme.pw. According to whois.domaintools.com, these two domains were created on February 23, 2014 and registered by WhoisGuard, Inc. from Panama.
zvelo Phishing Website Detection Service
zvelo proprietary, automated and feature-based phishing website detection systems evaluate URL patterns, page content, website trustworthiness and so much more. Phishing websites detected are monitored by a team of quality assurance analysts to ensure optimal coverage, accuracy and responsiveness to such threats. zvelo is often the first in the market to detect such phishing websites and its technology vendors benefit from this valuable service.
