Weebly site phishes FB accounts for mobile load

It’s now easy to create a website thanks to services offered by Weebly and the likes. Just a few clicks here and there with a little bit of creativity, you’ll get yourself your own space in the internet in no time. You don’t even have to pay anything yet unless you want to buy your own domain.

However, some are using these easy-to-set-up website services to host their malicious pages luring innocent people to their strategy.

A Weebly-built website called LiveLoadPH is currently up and actively being shared online by some people who’s Facebook accounts could have been compromised.

How does it work?

If you came across a friend’s post saying you’ll get a free Php 100 load by just going to https://liveloadph[.]weebly[.]com, you might get curious and check what’s it all about.

The website’s main banner welcomes users with a statement to “Stay connected to your friends and family.” as if to touch their innocent visitor’s emotions in relation to the COVID-19 community quarantine.

Scrolling down shows a screenshot of a Php 100 load perhaps to entice people that they are really giving away that much. It further warns that visitors should only fill out their registration form once to avoid spamming their database with multiple requests.

Down at the bottom is a public service advisory reminding people that their operational hours is limited due to the COVID-19 situation. Just beside it is the registration form.

The registration form contains multiple fields including phone number, FB email, password, network and load denomination. If you are in your right mind, you would stop at the second field which asks for your FB email. Why would they get it? And, then your password?

But, just in case you’ve already made up your mind and is going after that Php 100 load because you badly need it, submitting the form would eventually redirect you to a GCash referral page.

Yes, a GCash referral page. A page where someone would earn Php 50 worth of GCash freebies if you decided to sign up. And, that someone is most likely the person behind this scheme. Not only that he got your Facebook account credentials already, he’s also trying to earn GCash rewards from his victims. That’s pure selfishness right there.

Obviously, this website is just phishing for Facebook account credentials to be used for whatever agenda the culprit had in mind. Victims won’t get anything in return even that promised Php 100 load.

If you have already signed up, make sure to update your Facebook password immediately. If you’re using the same password on your email and other online accounts, update them all asap!

We have already submitted the URL to known security vendors for blocking. We will contact Weebly to take down this LiveLoadPH website, and report the GCash referral code to GCash for possible suspension.

Fjordan Allego
Follow me
Latest posts by Fjordan Allego (see all)

Related Posts:

Speak Your Mind

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.