Contributor: Avdhoot Patil
As usual, phishers continue to focus on social networking as a platform for their phishing activities. Fake social networking applications on phishing sites are not uncommon. Phishers continue to come up with new fake applications for the purpose of harvesting sensitive information.
In the past six months, phishing on social media sites accounted for 6.9 percent of all phishing activity. Among the phishing sites targeting social media, 0.9 percent consisted of fake applications offering features such as adult videos, video chatting, adult chatting, free mobile recharge, etc.
In May 2013, phishers implemented a fake security application on a phishing site that claimed to secure Facebook Fan Pages and thereby increase the “social security” of the user profile. A Facebook Fan Page is important, as it is a public profile on Facebook that can be used by celebrities, companies, and also by regular Facebook users who can create fan/community pages. Facebook Fan Pages help celebrities and companies to get visitors and connect with people around the globe. The phishing site was hosted on a server based in San Francisco, Northern California, in the United States.
Figure 1. Phishing site asking users to enter login information
As we can see in Figure 1, the phishing page is titled “Ensuring Social Security.” A message on the page states that it is a Fan Page verification process and it is a brand new feature to increase social security. The page also states that the process is mandatory and it is “open until 30.05.2013.” The phishing page also warns users that any Fan Pages that are not verified before that date will be permanently closed. The login form is displayed in the middle of the phishing page and titled “New Facebook Guidelines.” The login form included the following fields:
- Fan Page Name
- Email Address
- Security Code
- Confirm Security Code
The login form also displays a message about a security code and asks users to enter a ten-digit number and to also write it down on a piece of paper because “it is really important” and required if transferring administrative rights or adding new administrators or managers. After entering the login information and clicking on the “submit” button, the phishing site displays an acknowledgement message saying “Thank You. Your Fan Page is being verified and we will notify you within 48 hours when the process is completed.”
Figure 2. Phishing site acknowledgement message
As we can see in Figure 2, the acknowledgement message is displayed on the same phishing page. The fake application site was designed to look like an official application site.
The site was created to trick users into believing that their account would be secured once their social networking website login credentials had been entered. The truth is quite the opposite: after entering their credentials, the user sees only the bogus acknowledgement message and, if the phishers are successful, has handed their account details to the phishing site.
The phishing site itself was SSL secured, so the presence of a padlock or “https” in the address bar alone did not distinguish it from a legitimate site.
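The indicators described above (brand wording such as “Fan Page” and “Facebook” on a page hosted outside the brand’s own domain, a login-style form asking for an email address and a “security code”, and urgency wording with a deadline) can be turned into a simple page-scoring check. The following is an added example, not Symantec’s tooling or the phishing kit’s code; it uses only the Python standard library, and the sample HTML, the hostname `example-hosting.invalid`, and the relative action `/verify.php` are constructed for the example.

```python
"""Heuristic scoring of a page that may be harvesting social network logins.

Added example (not Symantec's own tooling). It parses HTML with the standard
library, collects the form fields, and counts the indicators the post
describes: brand wording served from a non-brand host, a credential-style
form, credentials posted to a non-brand host, and urgency/deadline wording.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND_DOMAINS = {"facebook.com", "www.facebook.com"}
BRAND_WORDS = ("facebook", "fan page")
CREDENTIAL_FIELDS = ("email", "password", "security code", "pin")
URGENCY_PATTERNS = (
    r"\bmandatory\b",
    r"\bpermanently (closed|disabled|deleted)\b",
    r"\bopen until \d{2}\.\d{2}\.\d{4}\b",
)

# Constructed sample modelled on the page described in the post.
SAMPLE_HTML = """
<html><head><title>Ensuring Social Security</title></head><body>
<p>Fan Page verification is a brand new feature to increase social security.
This process is mandatory and is open until 30.05.2013. Fan Pages not verified
before that date will be permanently closed.</p>
<form action="/verify.php" method="post">
  <h2>New Facebook Guidelines</h2>
  <input name="fanpage" placeholder="Fan Page Name">
  <input name="email" placeholder="Email Address">
  <input name="seccode" placeholder="Security Code">
  <input name="seccode2" placeholder="Confirm Security Code">
  <input type="submit" value="Submit">
</form></body></html>
"""
SAMPLE_URL = "https://example-hosting.invalid/fanpage/verify.html"  # constructed


class FormExtractor(HTMLParser):
    """Collect each form's action and visible input labels, plus page text."""

    def __init__(self):
        super().__init__()
        self.forms = []        # [{"action": str, "fields": [str]}]
        self.text_parts = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "text").lower() in ("hidden", "submit", "button"):
                return
            # Combine name, placeholder and id so "seccode"/"Security Code" both count.
            label = " ".join(x for x in (a.get("name"), a.get("placeholder"), a.get("id")) if x)
            self._current["fields"].append(label.lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

    def handle_data(self, data):
        self.text_parts.append(data)


def score_page(html, page_url):
    """Return (score, reasons); a higher score means more phishing-like."""
    parser = FormExtractor()
    parser.feed(html)
    text = " ".join(parser.text_parts).lower()
    page_host = urlparse(page_url).hostname or ""
    reasons = []

    mentions_brand = any(w in text for w in BRAND_WORDS)
    if mentions_brand and page_host not in BRAND_DOMAINS:
        reasons.append(f"brand wording served from non-brand host {page_host!r}")

    for form in parser.forms:
        cred = [f for f in form["fields"] if any(c in f for c in CREDENTIAL_FIELDS)]
        if not cred:
            continue
        reasons.append(f"credential-style form with fields {cred}")
        # A relative action posts back to the page's own host.
        action_host = urlparse(form["action"]).hostname or page_host
        if mentions_brand and action_host not in BRAND_DOMAINS:
            reasons.append(f"credentials posted to non-brand host {action_host!r}")

    for pattern in URGENCY_PATTERNS:
        match = re.search(pattern, text)
        if match:
            reasons.append(f"urgency wording: {match.group(0)!r}")

    return len(reasons), reasons


if __name__ == "__main__":
    score, reasons = score_page(SAMPLE_HTML, SAMPLE_URL)
    print(f"score={score}")
    for reason in reasons:
        print(" -", reason)
```

The score is only a triage signal: a legitimate login page on the brand’s own domain scores low because the host checks pass, while the constructed sample trips every indicator. Note that the check deliberately ignores whether the page uses SSL, since the site in this case did.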
Internet users are advised to follow best practices to avoid phishing attacks:
- Do not click on suspicious links in email messages
- Avoid providing any personal information when answering an email
- Never enter personal information in a pop-up page or screen
- When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar
- Use comprehensive security software such as Norton Internet Security or Norton 360, which protects you from phishing scams and social network scams
- Exercise caution when clicking on enticing links sent through email or posted on social networks
- Report fake websites and email (for Facebook, send phishing complaints to firstname.lastname@example.org)