New Phishing Tactics

Symantec has identified several popular sites where phishing occurs. To explain what phishing is, here is how Wikipedia describes it.

Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

http://en.wikipedia.org/wiki/Phishing

Dropbox

http://www.symantec.com/connect/blogs/dropbox-abused-spammers

Dropbox accounts have a public folder where files can be placed and made publicly available. This function is useful to spammers, as it effectively turns Dropbox into a free hosting site. Spammers have abused URL shortening and free hosting sites for some time. Dropbox also provides a URL shortening service, which spammers have also abused.

Spammers have created several Dropbox accounts, uploading an image and a simple .html file and then using the image to link to a pharmaceutical site.

Symantec's security team has informed Dropbox.
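A defender-side check for the page pattern described above, as an added example (not from the original article or from Symantec): it flags an HTML file that is little more than an image linking to a different host. The host names, sample pages and the 80-character text threshold are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkedImageScan(HTMLParser):
    """Collects hrefs of anchors that wrap an <img>, and counts visible text."""
    def __init__(self):
        super().__init__()
        self.open_href = None    # href of the <a> currently open, if any
        self.image_links = []    # hrefs of anchors that contain an image
        self.text_chars = 0      # visible text characters seen so far
        self.skip = 0            # depth inside <script>/<style>/<title>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self.open_href = attrs.get("href")
        elif tag == "img" and self.open_href:
            self.image_links.append(self.open_href)
        elif tag in ("script", "style", "title"):
            self.skip += 1

    def handle_endtag(self, tag):
        if tag == "a":
            self.open_href = None
        elif tag in ("script", "style", "title") and self.skip:
            self.skip -= 1

    def handle_data(self, data):
        if not self.skip:
            self.text_chars += len(data.strip())

def is_image_link_landing(page_url, html, max_text=80):
    """True if the page is mostly an image that links to another host."""
    scan = LinkedImageScan()
    scan.feed(html)
    host = urlparse(page_url).hostname
    off_host = [h for h in scan.image_links
                if urlparse(h).hostname not in (None, host)]
    return bool(off_host) and scan.text_chars <= max_text

# Constructed samples (assumed names; not real URLs from the article)
SPAM_PAGE = '<html><head><title>Offer</title></head><body><a href="http://pills.example/buy"><img src="banner.jpg"></a></body></html>'
NORMAL_PAGE = '<html><body><h1>Trip photos</h1><a href="/album"><img src="thumb.jpg"></a></body></html>'
PAGE_URL = "http://files.example/u/123/index.html"
```

A mail or web gateway could run a check like this on pages fetched from file-sharing links before delivery; a hit is a reason for review, not proof of spam.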

Facebook Timeline

http://www.symantec.com/connect/blogs/phishers-dislike-facebook-timeline

The phishing site embedded the Facebook Timeline promotion video from YouTube, with the claim “Remove Timeline Now”. According to this phishing site, users will have their “Timeline” removed from their Facebook profile and get back their old profile page—only after they enter their login credentials. To make the fake application look more authentic, phishers added that it was protected by an antivirus product with the logo of the antivirus brand placed below the login form. After user credentials are entered, the phishing page redirects to a page which displays a screenshot from the Facebook Timeline promotion video. If users fell victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes.

Pinterest

http://www.symantec.com/connect/blogs/survey-scammers-moving-pinterest

If an unsuspecting Pinterest user clicks on the link for one of the scam images, he or she is taken to an external website. The website states that in order to take advantage of the offer, they must re-pin the offer onto their own Pinterest board. This helps propagate the scam, as it now gains further credibility by being posted by a trusted source. Some of the trusted source’s followers subsequently fall for the same scam, then their followers as well, and so on.

It always pays to be vigilant, so please verify any links you see on Dropbox, Facebook or Pinterest.

Article by Mohd Hisham
