Fake Facebook verification window

The Anti-CSRF tokens generated by Facebook and other websites that want to keep their customers protected are being targeted by cybercriminals who can use them to temporarilytake over an account.

Symantec researchers did a little digging on the matter and found a few cunning plots in which attackers try to dupe users into providing the highly desired codes.

Cross-site request forgery (CSRF) is an attack in which basically the victim’s active session is borrowed by the cyber masterminds to perform illegal operations. Once the security token is obtained, the attacker can do whatever he wants as the website’s server detects him as being legitimate.more