Fake Social Networking Application Promotes Maldives

Co-Author: Avdhoot Patil

When phishing through social media, fake applications are a key technique used by phishers to introduce new kinds of baits. In October, 2011, phishers launched a new fake application named "Maldivian App". The phishing site was hosted on a free webhosting domain. It should be noted the legitimate site does not provide such an application.

Phishers put in more creative thought and time than usual in designing this phishing page. The phishing site contained an image with details about the application and included a form for Web users to enter login credentials. The image presents a ribbon in the tricolors of the Maldivian flag accentuated with the logo of a social networking brand and a Maldivian flag T-shirt. A prominent description of the application boasts that, after logging in, users would receive "cool news" about the Maldives.

For those interested in learning more about Maldives, wouldn’t it be reasonable to enter your login credentials? Beware: this is the phishers' trick. After personal login credentials are entered, users are redirected to a page that displays the message “You are connected”—nothing else. The page does not offer anything additional to the user. If you fell victim to the phishing site by entering your login credentials, phishers would have successfully stolen your confidential login information for identity theft purposes.

Always follow these best practices to avoid phishing attacks to keep your information safe:

  • Do not click on suspicious links in email messages.
  • Avoid providing any personal information when answering email.
  • Never enter your personal information in a 'pop-up' page or screen.
  • When entering your personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the security padlock icon, ‘https’, or the color green in the address bar.
  • Frequently update your security software (such as Norton Internet Security 2012) which protects you from all kinds of online phishing, like this one.