Faux Cash Prize for Christmas

Contributor: Ayub Khan

Phishers treat special occasions as an opportunity to strike at end users, and Christmas has always been a favorite time for them to introduce new phishing baits. For this past Christmas, phishers created a phishing site pretending to be a popular payment system based in the USA. The phishers used a typosquatting domain hosted on servers based in the Netherlands.

The phishing site began by stating that the user was chosen as the winner of a $400 cash prize. Users were told that ten winners were given the prize every year for Christmas. To receive the prize, visitors were prompted to enter the verification code they received by email. The language used in the phishing site was poor, as is evident from the misspelled “recieve” in the message.

Figure 1. Verification code request

In another phishing page, visitors were informed that they had won a prize that would double the amount available in their payment system account. The procedure given to obtain the prize was similar to the preceding one: visitors were required to enter a verification code received by email. A fee of one cent was allegedly deducted to ensure an active account. The phishing site claimed that the offer would expire 24 hours after receipt of the above email and that the user’s account balance would double after the tax was paid.

Figure 2. Confirmation code request

The same type of phishing bait was used in the form of a contest survey as well. In this scam, the prizes mentioned were $1000 for first place, $500 for second, and $100 for third place. The survey questions on the phishing page were as follows:

  1. You are using [BRAND NAME] at least:
     • Once a day
     • Once a week
     • Once a month
     • Once a year
  2. You think [BRAND NAME] is:
     • Useful
     • Unuseful
  3. If you need to give a mark to our services, you give:
     • 1
     • 2
     • 3
     • 4
     • 5
  4. Have you ever used our Messaging service?
     • Yes
     • No
  5. Your impression (Optional)
     • [TEXT BOX]

After the responses were selected and submitted, the phishing site redirected to a participation acknowledgement page. Users were informed that they would become participants of the survey after paying a verification fee of one cent. The phishing site stated that the winners of the contest would be declared on a specific date. If users fell victim to the phishing site, phishers would have successfully stolen their information for financial gain.

Figure 3. Contest survey page

Figure 4. Survey participation acknowledgement

Internet users are advised to follow best practices to avoid phishing attacks:

  • Do not click on suspicious links in email messages
  • Do not provide any personal information when answering an email
  • Do not enter personal information in a pop-up page or screen
  • Ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar when entering personal or financial information
  • Frequently update your security software (such as Norton Internet Security), which protects you from online phishing