Syrian Regime’s Opposition Gains Phishers’ Sympathy

Contributor: Avdhoot Patil

Recently, cybercriminals have been focusing on the conflict in Syria, incorporating current events into their cyber warfare. In December 2012, phishers mimicked the website of a well-known organization in the Gulf with the motive of stealing users' email login credentials. The phishing site asked users to support the Syrian opposition by casting their vote against the Syrian regime. The phishing pages were in Arabic, and the phishing site was hosted on servers based in Dallas, Texas, United States.

The phishing site asked users if they wanted to criminalize the Syrian regime for the murder of innocent people. As seen in the image below, options were provided to agree or disagree. If the agree option was selected, the phishing site prompted users to select their email service provider from a list of four popular providers, and then log in to cast their vote.

Figure 1. Consent to criminalize Syrian regime

Figure 2. Email service provider choice

After the login credentials for the chosen email service provider had been entered, the phishing site redirected to an acknowledgement page. The acknowledgement stated that the voting process was successful and that the results would be displayed on January 1, 2013.

Figure 3. Vote acknowledgement page
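The flow described above (a provider-choice page followed by a login form, both served from a host unrelated to the email provider) can be expressed as a triage heuristic. The following is an added example, not code from the original article; the provider names, domains and sample pages are constructed placeholders, and brand matching on visible text is an assumption that will need tuning against real pages.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed brand -> legitimate domain map; placeholder names, not from the article.
PROVIDER_DOMAINS = {"examplemail": {"examplemail.test"},
                    "samplepost": {"samplepost.test"}}
# Constructed sample pages modelled on the provider-choice and login steps.
CHOOSER = ('<p>Choose your email provider</p>'
           '<a href="l?p=1">ExampleMail</a><a href="l?p=2">SamplePost</a>')
LOGIN = ('<h1>Sign in to ExampleMail to vote</h1>'
         '<form><input name="u"><input type="password" name="p"></form>')

class FormScan(HTMLParser):
    """Records password inputs and the text in which a brand name may appear."""
    def __init__(self):
        super().__init__()
        self.has_password = False
        self.text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True
        # Image buttons often carry the brand only in alt/value/title.
        self.text += [a[k] for k in ("alt", "value", "title") if a.get(k)]

    def handle_data(self, data):
        self.text.append(data)

def host_matches(host, domains):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def assess(url, html):
    """Return (verdict, brands named on the page but not owning the host)."""
    scan = FormScan()
    scan.feed(html)
    text = " ".join(scan.text).lower()
    host = urlparse(url).hostname or ""
    foreign = sorted(b for b, doms in PROVIDER_DOMAINS.items()
                     if b in text and not host_matches(host, doms))
    if scan.has_password and foreign:
        return "credential-harvest-suspect", foreign
    if len(foreign) >= 2:  # several webmail brands offered by a third-party host
        return "provider-chooser-suspect", foreign
    return "no-finding", []

if __name__ == "__main__":
    for url, page in (("http://vote-site.test/choose", CHOOSER),
                      ("http://vote-site.test/login", LOGIN)):
        print(url, assess(url, page))
```

A page that merely mentions two providers in passing would also trip the chooser rule, so treat the verdicts as leads for review rather than as blocks.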

Phishers relied on the sentiments of a vast number of people in Syria and the rest of the Arab world who are fighting against the Syrian regime. Phishers believe that targeting a large number of users leads to more duped users. If users fell victim to the phishing site, phishers would have successfully stolen their information for identity theft.

Internet users are advised to follow best practices to avoid phishing attacks:

  • Do not click on suspicious links in email messages
  • Do not provide any personal information when answering an email
  • Do not enter personal information in a pop-up page or screen
  • Ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar when entering personal or financial information
  • Frequently update your security software (such as Norton Internet Security 2012), which protects you from online phishing