
The page allows would-be hackers to build a special email which can be sent to one or more victims.
The user selects an email template and a site to target, then designs an email greeting card which is sent to the victim. The e-card leads to a phishing site impersonating the targeted site's domain.
Any log-in credentials stolen by the site are then forwarded to a page which can be accessed by the user.
"It tells you numerous pieces of information, including the number, date and type of account compromised, so the budding hacker can keep a running total of their exploits," wrote FaceTime malware research director Chris Boyd in a company blog.
The researchers contacted the company hosting the site, and the site was initially taken down. However, a FaceTime spokesperson said that the site was back online at 1:30pm Pacific time on 28 January.
Boyd advised users to be wary of any apparent social networking or webmail site linked from an email greeting card.
"If in doubt, right-click the live link in the email and check what domain it points to," he wrote. "Otherwise, you might end up on a hacker's rapidly growing trophy list."