Phishers Continue Celebrity Promotion with Selena Gomez and Demi Lovato

Co-author: Avdhoot Patil

Celebrity promotion has gained momentum in the world of phishing. In October 2011, we observed Indonesian rock star Ahmad Dhani was being used as phishing bait and phishers continue their stream of celebrity bait with popular singers Selena Gomez and Demi Lovato. Celebrities with a large fan following are phishers’ favorites (because they believe a larger audience will mean more duped users).

In today's example, phishers created phishing sites that spoofed the login pages of a popular information services website. The phishing pages contained a picture of the singer and the page altered to give the impression that users could gain access to additional content about the celebrity after entering their own login credentials. It should be noted good websites will never alter the format of their login page for celebrity promotions. After the login credentials are entered into the phishing site, users are directed to a page providing various options to the user. These options include chatting with the singers, visiting their official community page, watching videos, seeing images of them in popular search engines, and so on. If users fell victim to the phishing site by entering their login credentials, phishers would have successfully stolen their confidential information for identity theft purposes.

The phishing sites were in written in French and phishers utilized domains which were typosquats of the names Selena and Demi. The country code top level domain (ccTLD) of these domains were from Tokelau (a territory in New Zealand).

Internet users are advised to follow best practices to avoid phishing attacks:

  • Do not click on suspicious links in email messages.
  • Avoid providing any personal information when answering an email.
  • Never enter personal information in a pop-up page or screen.
  • When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar.
  • Frequently update your security software (such as Norton Internet Security 2012) which protects you from online phishing.