Phishers Turn to Social Media for Money

Contributor: Avdhoot Patil

Social media is a common target for phishers for the purposes of identity theft. Phishers are now seeking financial gain from social networking phishing sites. In November 2012, phishing sites spoofed a popular social networking site and asked for financial information as a requirement for to improve user security. The phishing sites were hosted on free web hosting sites.

The phishing site stated that the social networking site had made some improvements in security and required users to verify their identity by completing a security check. After the “Continue” button was clicked, users were asked to enter their personal details.

The personal details required included the user's:

  • First name
  • Last name
  • Email address
  • Password
  • Country
  • Gender
  • Birthday

The phishing pages that followed asked for users’ webmail address with their password and their answer to their security question. The webmail confirmation was allegedly required to secure the users’ identity when logged in from an unfamiliar location. To gain the users’ confidence the phishing page also noted that they would be notified if the account was hacked.

Figure 1. Email address verification and security check

Figure 2. Personal details request

Figure 3. Email address and password request

Figure 4. Security question request

After the required details have been entered, the phishing site asks for financial information in order to complete payment verification. To avoid suspicion, the phishing site noted that payment verification required only the first six digits of users’ card and only asked for the full card details when users purchased user credits. After the six digits have been entered, the phishing page redirected users to a second payment verification page. The phishing page here gave the same message but asked for the complete card details. The phishing page further stated that occasionally users will be asked for additional information to authorize a transaction or to purchase credits from an application page.

The card details required included the user's:

  • First Name
  • Last Name
  • Credit Card Number
  • Type
  • Expiration Date
  • Security Code
  • Billing Address
  • City/Town
  • State/Province/Region
  • Zip/Postal Code
  • Country

If users fall victim to the phishing sites by entering their sensitive information, phishers would have successfully stolen their information for financial gain.

Figure 5. Card number request

Figure 6. Card details request

Internet users are advised to follow best practices to avoid phishing attacks:

  • Do not click on suspicious links in email messages
  • Do not provide any personal information when answering an email
  • Do not enter personal information in a pop-up page or screen
  • Ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar when entering personal or financial information
  • Update your security software (such as Norton Internet Security 2012) frequently which protects you from online phishing

John McAfee Hospitalized in Guatemala

John McAfee Hospitalized in Guatemala

John McAfee has been hospitalized in Guatemala to treat a possible heart attack, according to ABC’s Matt Gutman. McAfee was detained by Guatemala’s National Civil Police on Wednesday for entering the country illegally. John McAfee retained counsel and requested asylum, …

Former Windows Vista hacker now hardening OS X, iOS at Apple

Noted security researcher Kristin Paget—known for her work that helped to beef up the security of Windows Vista—is now working at Apple as a Core OS Security Researcher. Paget confirmed to Wired that she has been working at Apple since September but couldn't divulge any specific details of her work.

Paget has a long history of finding and plugging security holes in all manner of hardware and software. Perhaps most famously, she was part of a group of hackers hired by Microsoft to "lock down" the upcoming Windows Vista operating system in 2006. Microsoft had apparently expected Vista to be fairly secure at that point in its development cycle, but Paget and her cohorts found so many holes that Microsoft ended up delaying its release.

"We prevented a lot of bugs from shipping on Vista," Paget said during a talk at Black Hat last year, after the NDA she signed with Microsoft had expired. "I'm proud of the number of bugs we found and helped get fixed."

Read 2 remaining paragraphs | Comments