Home / Cyber Crime / Beware of Facebook Phising Sites leveraging Google Site

Beware of Facebook Phising Sites leveraging Google Site

Be aware of Facebook phising websites that make use of Google site to avoid Facebook implementation of detecting malicious URLs. This clever hack attempt will then lure you into clicking to another link from Google site page, which turns out to be a phising site.

Combined with social engineering, in this case the story of “Abby Luna” an OFW allegedly raped by her employer’s son. Most Facebook users will fall especially those who are not technically-able.

What is phising? The act of acquiring private or sensitive data from personal computers for use in fraudulent activities. Phishing is usually done by sending emails that seem to appear to come from credible sources (however, they are in no way affiliated with the actual source/company), which require users to put in personal data such as a credit card number or social security number. In this case, malicious actors are phising you to get your Facebook password.

In detail:

A malicious Facebook user posts a website link to his wall, or group and tries to tempt you of clicking the link he shared.

phish attempt

As I have mentioned earlier, the malicious actor is using sites.google.com to get the trust of Facebook’s warning page.

A click on the image ( appears to have a play button ) will redirect you to a page that contains the final phising site web address / url.

phish attemp vietnam


From there, you are now 1 click way of being phished. Links from the Google site page will bring you another website. It appears to be a mobile Facebook site and asks your Facebook credentials.

facebook phising site

Please, do not ever input your email address/ phone number and password into it. In such case, your credentials will be logged and you will be eventually get hacked. 

To have it more convincing, the attacker will redirect you to a Facebook video (almost related to the topic) after inputting your Facebook credentials.

The Facebook video where you will be redirected after entering your credentials.
The Facebook video where you will be redirected after entering your credentials.


Please don’t ever log in your credentials anywhere else. It should have the domain Facebook.com in the URL bar and is running over https/ secure connection.facebook.com legit url

Pinoy Hack News does not know the culprit behind this clever way of social engineering. He could be a Filipino for knowing the story about Abby Luna or a Vietnamese as the Google Site page language depicts. What do you think? Please comment below.

About Clifford Trigo

I am Clifford Trigo a proud Boholano / Pinoy / Filipino Web App Security Researcher. Day by day, I'm learning new things :)) Visit my Hackerone Profile, currently at top 2 overall :D