Chinese Phish Tastes Bitter With Prizes

Co-Author: Avdhoot Patil

Symantec is familiar with baits commonly used in Chinese phishing sites. A grand prize, for instance, is often used as phishing bait. This November, 2011, phishers continue with the same strategy by including a brand new iPad 2 for a prize. The phishing sites were hosted on a free webhosting site.

The phishing page spoofs the Chinese version of a social networking gaming application. What is most interesting about the phishing page is that it displays a warning for an incorrect password (in red) even before any user credentials are entered. The phishing site announces to users that all fields are required to be filled before proceeding to the lucky draw. Users are prompted to enter their email address, password, email password, and birth date. The phishing site then states the winning email addresses will be drawn and winners would receive an iPad 2 and prize money of 50 million dollars. Ironically, the phishing page wishes good luck to the user towards the bottom of the page. After a user enters their credentials, the phishing page redirects to a legitimate application page of the social networking site.

A similar phishing attack was observed later during the same month only this time the phishing site was in English. The difference in this particular phishing site from the previous example is that it declares the user as a winner in advance. An amount of 124 million dollars in poker chips is claimed as the prize money and the user is prompted to login to attain the prize. The same set of credentials were asked in this phishing site as well. At the bottom of the page, an iPad 2 is stated as a bonus gift in addition to the prize money. After the credentials are entered, the phishing page gives an error of incorrect password. Upon entering the credentials for the second time, the phishing page redirects to the legitimate application page. If users fell victim to these phishing sites, phishers would have successfully stolen their information for identity theft purposes.

Internet users are advised to follow best practices to avoid phishing attacks:

  • Do not click on suspicious links in email messages.
  • Avoid providing any personal information when answering an email.
  • Never enter personal information in a pop-up page or screen.
  • When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar.
  • Frequently update your security software (such as Norton Internet Security 2012) which protects you from online phishing.