Indian Movie "Bodyguard" Featured in Phishing

Co-Author: Avdhoot Patil

Phishers often choose baits with the motive of reaching out to a large number of end users. In December, 2011, phishers’ choice of bait were songs from the Indian movie "Bodyguard" (starring Salman Khan and Kareena Kapoor). Due to the popularity of the soundtrack, phishers anticipated a large target audience which could improve their chances of harvesting user credentials. This particular phishing site was hosted on a free web hosting site.

The phishing site targeted Facebook and it played a music video from the movie in the bottom left corner of the phishing page. The main content of the phishing page promoted songs as custom graphical "skins" for social networking profiles. The phishing page then encouraged users to enter their social network login credentials, stating that after logging in they could listen to popular songs and enjoy several features. The phishing site also boasted news of being the "Best Song Website In India".

Other fake features promoted on the page include:

  • Adding a music player "playlist"
  • "Dislike" option for friend status updates or photos

Clearly, phishers were looking for every means of duping users. Actually, after login credentials are entered, the phishing page would redirect to a legitimate song application page on Facebook. The strategy behind redirecting to a legitimate and related application page is to create the illusion of a valid login. If users fell victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes.

Here are some links from Facebook and the FTC to help users combat phishing:

We advise internet users to follow best practices to avoid phishing attacks:

  • Do not click on suspicious links in email messages.
  • Avoid providing any personal information when answering an email.
  • Never enter personal information in a pop-up page or screen.
  • When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar.
  • Frequently update your security software (such as Norton Internet Security 2012) which protects you from online phishing.