Facebook Phishing Postphp Code Jun 2026

Any inbound POST request to a script named post.php (or similar) that redirects to facebook.com and references email / pass parameters should be treated as malicious unless proven otherwise.

The sophistication of a phishing kit is defined by how it handles stolen data. Simple kits write credentials to a .txt or .json file. However, modern "postphp" kits utilize . facebook phishing postphp code