Using FB apps to phish for instagram credentials

I published this article since months but i’m new here and wanted try this site with this article

I’ve come across a FB app yesterday that raised my red flags at the first point of viewing the URL which has a typo:

Opening the URL presented me with an application interface that claims to be instagram login interface asking for credentials in order to grant access to the application

It was clear that it’s a phishing campaign conducted in an unprofessional method particularly the french language used on the interface, trying to enter random fields’ values redirected me to a page in arabic language

Now after recognizing this, i decided to identify the main backend server used to harvest victims ‘ credentials

After opening the following URL : https://websitet7.com/qi/ins/?i=1108114

the main backend website interface that serves and receives harvested credentials has appeared

I tried this time to type in random email and password to where this page would redirect me after hypothetically harvesting my instagram credentials and indeed I was redirected to a proxy server web page

Lessons learned:

1- facebook apps do not request credentials for third party services and it even does not ask you for your facebook login info unless you needed to login

2- Do not type in your login information into any application or webpage unless you make sure it belongs to the website it claims to be

3- Take a step forward and report the main phishing URL to Cisco Talos intelligence group to blacklist the IP and prevent other people to fall victimized to this

4- if it was a facebook phishing, report the facebook app url to phish@fb.com to take down the app.