Phishers have used several types of bait in social networking scams in the hopes of improving their chances of harvesting user credentials. Some of the bait included offers of free mobile phone airtime, tickets to sports matches, pornography, hacking software downloads, and so on. In several instances, the displaying of an image of the fake offer gave the impression that the user can avail the benefits upon logging in to the phishing site. Such phishing Web sites typically use a template, where the image and the text is changed. Celebrities’ photographs are often displayed in an attempt to attract end users.
In this particular phishing site, the displayed image was one of the popular Indian actress, Aishwarya Rai. Symantec had earlier reported a similar phishing Web site that used another actress, Katrina Kaif, as the bait. As in the earlier example, the phishing Web site had its content altered to help it look like an adult version of a social networking site. Again, it is important to bear in mind that the legitimate social networking site being spoofed is not involved with any form of pornography or adult sex chat service. Though pornography is a common bait in social networking scams, it’s not common to see Indian actresses being used. Clearly, phishers are choosing celebrities who have a large fan following, as they perceive that a large audience will mean more duped users.
The phishing site was hosted on a free Web-hosting site. Upon entering the login credentials, the user is redirected back to the legitimate Web site. If users fall victim to the phishing site, phishers will have succeeded in stealing their credentials for identity theft. The phishing URL contained certain keywords that gave the impression that the content was linked to pornography. Below is the phishing URL:
hxxp://www.sexhotchat.******.com/Index.html [Domain name removed]
Internet users are advised to follow best practices to avoid phishing attacks, such as:
- Do not click on suspicious links in email messages.
- Avoid giving any personal information when answering an email.
- Never enter personal information in a pop-up screen.
- Frequently update your security software, such as Norton Internet Security 2011, which protects you from online phishing.
Thanks to the co-author of the blog, Ashish Diwakar.