In the past, we came through a number of Phishing campaigns where the attackers using Valid TLD itself for phishing and the Punycode attack demonstrated by Xudong Zheng.Now hackers find a new way innovative method to create believable URL’s and targeting mobile users, specifically Facebook users.
He then went on about how they would have fun disconnecting competitors, and that competitors did it back to them etc.. I then called Comcast and got a 3 day credit for the outage they created "intentionally" to prove I am a customer. Sounds like they need a Public Utility Commission to lay the smack on them for usurious behavior. Apparently a Comcast technician "accidentally" disconnected my 1gbps Gigamonster service while setting up a new Comcast client in my floor's Telecom utility closet.
A legitimate website’s name is followed by a series of hyphens to let the real domain name hide well beyond the right border of the address tab.
The company bring the next examples of the fraudulent URLs, with small modifications to mitigate the readers’ risks: As we see, the crooks are impersonating such popular services as Facebook, Comcast, Craigslist, Offer Up, and i Cloud.
In case the real domain doesn’t hide, words like “login”, “confirm”, or “viewmessage” are added, as seen above.
Why Facebook is the main target, Phish Labs explain trough credentials reuse.