Facebook announces tools for website owners to alert them of phishing attacks
Facebook has announced a new tool for website owners and developers that will alert them about phishing attacks on their platforms.
“We are extending the capabilities of our ‘Certificate Transparency Monitoring’ tool to make it easier for developers to learn about new domains that are maliciously created to implement phishing attacks,” security engineer David Huang and software engineers Bartosz Niemczura and Amy Xu said in a blog post late on 2 May.
Phishing websites try to trick people into revealing their passwords, credit card numbers, or other sensitive information. The tool announced during the F8 annual developer conference in San Jose alerts website owners of these scams so that they can take action to protect their domain and the people who use their websites.
“Certificate Transparency Logs” are designed to keep a record of all valid security certificates issued by publicly-trusted Certificate Authorities. “We have been using these logs to monitor certificates issued for domains owned by Facebook and have created tools to help developers take advantage of the same approach,” the post said.
Using these tools, developers can learn about certificates that have misissued for the domains they control.
“We are extending the capabilities of our tool to send alerts when certificates are issued for potential phishing domains,” the post added.