Contributor: Parag Sawant
Phishers continually devise new schemes to improve their chances of harvesting users’ sensitive information. Symantec recently observed a phishing campaign in which data is collected through a fake voting site that asks users to decide whether boys or girls are greater.
The phishing page, hosted on a free Web hosting site, targets Facebook users and contains a fake voting campaign, “WHO IS GREAT BOYS OR GIRLS?”, along with a “VOTE” button to register votes. The page also embeds a pair of bar charts representing the voting ratio and displays the total votes received over the last four years. These details give the fake application a more legitimate feel.
Figure 1. The Facebook application asks users to register their votes
The first phishing page contains a button to initiate the voting process. After the button is clicked, a pop-up window appears, asking for a user’s login ID and password, as shown below:
Figure 2. A pop-up window requesting user account information
The pop-up also contains two option buttons to vote for either male or female, and a button to submit the vote. Once all the fields have been filled in, the page redirects the user to an acknowledgement page confirming his or her voting information.
Figure 3. A voting confirmation message is displayed after user information is entered
We then tried returning to the first page and found that the vote count increases periodically. The number was previously 4,924,055 but has now increased to 4,924,096.
Figure 4. A comparison of the previous vote count and the current vote count
The phishers used the following phishing URL, with a subdomain chosen to suggest that the page is an application:
If a user falls victim to the site, the phishers will have successfully stolen personal information that can be used for identity theft.
The use of fake applications as bait is not uncommon, and Symantec advises Internet users to follow these best practices to avoid becoming victims of phishing attacks:
- Check the URL in the address bar when logging into your account to make sure it belongs to the website that you want to visit
- Do not click on suspicious links in email messages
- Do not provide any personal information when replying to emails
- Do not enter personal information in a pop-up page or window
- Ensure that the website is encrypted with an SSL certificate by looking for the padlock image/icon, “HTTPS”, or the green address bar when entering personal or financial information
- Use comprehensive security software, such as Norton Internet Security or Norton 360, to be protected from phishing and social networking scams
- Exercise caution when clicking on enticing links sent through emails or posted on social networks
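The “check the URL in the address bar” advice above can be turned into a simple automated check. The following is an added example, not code from the original post or from Symantec: it assumes a constructed list of sample URLs and a short list of legitimate Facebook hosts, and flags a URL as a lookalike when the brand name appears only in a subdomain or path (as with an “app” subdomain on a free hosting site) rather than in the registrable domain.

```python
from urllib.parse import urlsplit

# Assumed for this example: the brand the user intends to log in to and
# the hosts that legitimately serve it (not a list from the original post).
EXPECTED_BRAND = "facebook"
LEGITIMATE_HOSTS = {"facebook.com", "www.facebook.com", "m.facebook.com"}


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname.
    Simplified: ignores multi-label public suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_login_url(url: str) -> str:
    """Classify a login URL the way the address-bar check does.

    'legitimate' - host is a known host for the brand, served over HTTPS
    'no-tls'     - known host, but no HTTPS (the padlock check fails)
    'lookalike'  - brand name appears in a subdomain, path or query, but
                   the registrable domain belongs to someone else
    'unrelated'  - brand name does not appear anywhere in the URL
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in LEGITIMATE_HOSTS:
        return "legitimate" if parts.scheme == "https" else "no-tls"
    brand_in_host = (EXPECTED_BRAND in host
                     and registrable_domain(host) != f"{EXPECTED_BRAND}.com")
    brand_in_path = (EXPECTED_BRAND in parts.path.lower()
                     or EXPECTED_BRAND in parts.query.lower())
    if brand_in_host or brand_in_path:
        return "lookalike"
    return "unrelated"


# Constructed sample URLs; the free-hosting names are placeholders.
SAMPLE_URLS = [
    "https://www.facebook.com/login",
    "http://www.facebook.com/login",
    "http://facebook-app.free-host.example/vote/index.html",
    "https://free-host.example/facebook/login.php",
    "https://vote.free-host.example/",
]

if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        print(f"{classify_login_url(sample):10s} {sample}")
```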