Co-author: Avdhoot Patil
Phishing sites using celebrities as bait are on a rampage. In July 2012, Honey Singh, also known as Yo Yo Honey Singh, a popular Indian rapper, singer, music producer, and actor was featured on phishing sites. Symantec observed several phishing sites that spoofed a social networking brand that claimed to have an application for Honey Singh. The phishing sites were hosted by a free web hosting service.
The phishing sites promoted Honey Singh’s 2011 album, International Villager. A poster of the album's artwork was displayed on the left side of the phishing page and the login form was displayed on the right side. The phishing sites claimed to have an application that enabled users to listen to the Punjabi star's latest songs and videos. As with most applications on social networking sites, the application made a request to the user before allowing access. After a user's login credentials were entered into the phishing site, users were redirected to Honey Singh’s official website to create the illusion of a valid login. Users who fell victim to the phishing sites had their information stole. Phishers used this information to commit identity theft.
Internet users are advised to follow best practices to avoid phishing attacks:
- Do not click on suspicious links in email messages
- Avoid providing any personal information when answering an email
- Never enter personal information in a pop-up page or screen
- When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, https, or the green address bar
- Frequently update your security software (such as Norton Internet Security 2012) which protects you from online phishing