Contributor: Avdhoot Patil
Phishers are not letting go of the chaos in Syria. They are using a common phishing template and modifying the messages. In March, phishers mimicked the same website of an organization in the Arab Gulf States observed in a previous phishing site. But instead of promoting the Syrian opposition, phishers impersonated the UN in a scheme meant to show support for the people of Syria. The phishing pages were in Arabic and the phishing site was hosted on servers based in Dallas, Texas, in the United States.
Just recently, phishers have tried to entice users by condemning the Syrian regime. Now, they are citing the Syrian President, Bashar al-Assad, in particular. The phishing site we observed contained a message in Arabic that asked users if they agreed with condemnation of the Syrian President as a war criminal. The message gave options for users to agree or disagree. The phishing page also notified users that the voting could only be done once.
Figure 1. Vote to support condemnation of President Bashar Al Assad
After the option to agree was selected, the resulting page prompted users to choose from four diferent email service providers in order to cast their vote and have it count.
Figure 2. Choose email service provider to cast vote
After any of the four brands was selected, users were then redirected to a phishing page spoofing the login of the email service provider. If user login credentials were entered, the phishing page then redirected to an acknowledgment page stating the voting process was successful and the results would be announced by April 5, 2013. Unfortunately, if users fell victim to these phishing sites, phishers would have successfully stolen their information for identity theft.
Figure 3. Vote acknowledgement page
Users are advised to follow best practices to avoid phishing attacks:
- Do not click on suspicious links in email messages
- Do not provide any personal information when answering an email
- Do not enter personal information in a pop-up page or screen
- Ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar when entering personal or financial information
- Update your security software (such as Norton Internet Security, which protects you from online phishing) frequently