Facebook gives developers a tool for spotting phishing attempts

At F8, Facebook is opening up use of its Certificate Transparency Monitoring Tool, which Facebook uses to detect phishing domains intended to spoof the domains Facebook owns.

Facebook on Wednesday announced it's giving developers access to a tool it uses to spot phishing campaigns.

One technique that scammers use to steal personal information is spoofing websites -- creating fake domains that look very similar to legitimate websites. They can use these phishing domains to collect usernames and passwords, credit card numbers, and other sensitive information.

These sinister sites are getting more sophisticated, with some even obtaining valid TLS certificates. With a valid security certificate, browsers may incorrectly display the site as "secure."

In response to this threat, Facebook turned to Certificate Transparency Logs to track all valid security certificates issued by publicly trusted Certificate Authorities. The company built a Certificate Transparency Monitoring Tool that analyzes domains, looking for common spoofing techniques. These include:

  • Homograph attacks, in which the malicious domain looks similar to the real one (ex: faceb00k[.]com)
  • Combo squatting, which combines brand names with other keywords (ex: helpdesk-facebook[.]com)
  • Typo-squatting, which exploits common misspellings or typos (ex: faecbook[.]com)
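The three spoofing patterns above can be screened for automatically once you have a stream of domain names from Certificate Transparency logs. The following is an added example, not Facebook's tool or any code from the article: it takes a constructed list of domain names (standing in for the subject names pulled from CT log entries) and labels each one as a homograph, combo-squatting or typo-squatting look-alike of a brand label. The brand name, the homoglyph table, the edit-distance threshold and the naive "second-to-last label" parsing are all assumptions chosen for the demonstration.

```python
# Added example: classify CT-log domain names as look-alikes of a brand.
# Not Facebook's Certificate Transparency Monitoring Tool; a defender-side
# illustration of the three spoofing patterns the article lists.

BRAND = "facebook"  # assumed brand label to protect

# Constructed sample of subject names as they might be read from
# Certificate Transparency log entries (not real log data).
SAMPLE_CT_DOMAINS = [
    "www.facebook.com",        # legitimate, brand label exact
    "faceb00k.com",            # homograph: digits standing in for letters
    "helpdesk-facebook.com",   # combo squatting: brand plus keyword
    "faecbook.com",            # typo squatting: transposed letters
    "example.org",             # unrelated
    "facebook-login.net",      # combo squatting on another TLD
]

# Assumed table of common look-alike substitutions. Multi-character
# entries ("rn" -> "m", "vv" -> "w") are applied as plain replacements.
HOMOGLYPHS = {
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a",
    "rn": "m", "vv": "w",
}


def registrable_label(domain):
    """Return the second-to-last DNS label, lower-cased.

    This deliberately ignores the Public Suffix List (e.g. co.uk), which a
    production scanner would need to consult.
    """
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def fold_homoglyphs(label):
    """Map look-alike characters back to the letters they imitate."""
    out = label
    for glyph, letter in HOMOGLYPHS.items():
        out = out.replace(glyph, letter)
    return out


def levenshtein(a, b):
    """Standard edit distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,             # delete ca
                           cur[j - 1] + 1,          # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(domain, brand=BRAND, max_typo_distance=2):
    """Return 'homograph', 'combo-squatting', 'typo-squatting' or None.

    Checks run in that order so a domain that matches several patterns is
    reported under the most specific one. The distance threshold is an
    assumption; for short brand names it should be lowered to avoid noise.
    """
    label = registrable_label(domain)
    if label == brand:
        return None  # exact brand label: treated as owned/legitimate here
    if fold_homoglyphs(label) == brand:
        return "homograph"
    if brand in label:
        return "combo-squatting"
    if levenshtein(label, brand) <= max_typo_distance:
        return "typo-squatting"
    return None


def scan(domains, brand=BRAND):
    """Return [(domain, pattern)] for every domain that looks like the brand."""
    hits = []
    for domain in domains:
        pattern = classify(domain, brand)
        if pattern is not None:
            hits.append((domain, pattern))
    return hits


if __name__ == "__main__":
    for domain, pattern in scan(SAMPLE_CT_DOMAINS):
        print(f"{domain:25s} {pattern}")
```

In practice the input would be the subject names from a CT log feed rather than a hard-coded list, and every hit would be an alert for a human to triage rather than an automatic verdict: legitimate third parties do register combo domains, and a two-edit threshold will also catch unrelated words that happen to be close to the brand.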

Now, Facebook is extending the capabilities of its Certificate Transparency Monitoring Tool to developers, so they too can get alerts when certificates are issued for potential phishing domains. Developers can go here to enable the free phishing domain monitoring service.

Facebook is also extending its Webhook API so developers can integrate this phishing detection feature into their external systems.