Facebook Users Phished by a Chatbot Campaign


You might be surprised to learn that more users check their chat apps than their social profiles. With more than 1.3 billion users, Facebook Messenger is the most popular mobile messaging service in the world and thus presents enormous commercial opportunities to marketers.

Cybersecurity company SpiderLabs has discovered a fresh phishing campaign using Messenger's chatbot software.

How do you make it all work? 

Karl Sigler, senior security research manager at Trustwave SpiderLabs, explains: "You don't just click on a link and then be offered to download an app - most people are going to grasp that's an attack and not click on it. In this attack, there's a link that takes you to a channel that looks like tech help, asking for information you'd expect tech support to seek for, and that escalating of the social-engineering part is unique with these types of operations."

First, a fake email purporting to be from Facebook is sent to the victim, warning that their page has violated the site's community standards and will be deleted within 48 hours. The email also includes an "Appeal Now" link that the victim might use to challenge the deletion.

Posing as the Facebook support team, the email offers the "Appeal Now" link for users to click directly, claiming to give them a chance to appeal. The chatbot, posing as a member of the Facebook support staff, then offers victims another "Appeal Now" button. Users who click that link are directed to a Google Firebase-hosted website in a new tab.

According to Trustwave's analysis, "Firebase is a software development platform that offers developers several tools to help construct, improve, and expand the app easier to set up and deploy sites." Taking advantage of this, spammers created a website impersonating a Facebook "Support Inbox" where users can ostensibly dispute the reported deletion of their page.

Increasing Authenticity in Cybercrime 

One of the factors that contributes to this campaign's effectiveness is that chatbots are now a common part of marketing and live assistance, and people are not inclined to be cautious about their contents, especially if they come from a fairly reliable source.

According to Sigler, "the advertising employs the genuine Facebook chat function. Whenever it reads 'Page Support,' My case number has been provided by them. And it's likely enough to get past the obstacles that many individuals set when trying to spot the phishing red flags."

Attacks like this, Sigler warns, can be highly risky for proprietors of business pages. He notes that "this may be very effectively utilized in a targeted-type of attack." With Facebook login information and phone numbers, hackers can do a lot of harm to business users, Sigler adds.

As per Sigler, "If the person in charge of your social media falls for this type of scam, suddenly, your entire business page may be vandalized, or they might exploit entry to that business page to acquire access to your clients directly utilizing the credibility of that Facebook profile." They will undoubtedly pursue more network access and data as well. 

Red flags to look out for 

Fortunately, the email's content contains a few warning signs that should enable recipients to recognize the letter as spoofed. For instance, the message's text contains a few grammatical and spelling errors, and the recipient's name appears as "Policy Issues," which is not how Facebook resolves such cases.

More red flags were detected by the experts: the chatbot's page had the handle @case932571902, which is clearly not a Facebook handle. Additionally, the page is barren, with neither followers nor posts. It carried the 'Very Responsive' badge, which Facebook defines as having a response rate of 90% and replying within 15 minutes, although the page seemed to be inactive. To make it look real, it even used the Messenger logo as its profile image.

Researchers claim that the attackers are requesting passwords, email addresses, cell phone numbers, first and last names, and page names. 

This effort is a skillful example of social engineering since malicious actors are taking advantage of the platform they are spoofing. Nevertheless, researchers urge everyone to exercise caution when using the internet and to avoid responding to fake messages. Employing the finest encryption keys available will protect your credentials.

Facebook: "Is that you?" 500,000 People Were Victims of this Phishing Scam

Facebook has often been a favorite hunting ground for cybercriminals who delight in preying on the naive members of the internet community. Cybernews has conducted research into a very prevalent fraud known as "Is that you?". It's a type of video phishing scam in which the attacker delivers a link to a fictitious video in which the victim supposedly appears. The trouble begins when you click, enter some personal information and log in.

Researchers were recently rewarded for such diligence when they received a warning from fellow cyber investigator Aidan Raney – who originally contacted them after the original results were released – that malicious links were being sent to users. Upon further investigation, it was discovered that thousands of these phishing links had been circulated via a devious network spanning the social media platform's back channels. If left unchecked, hundreds of thousands of naive social network users might fall prey to the shady connections - the "Is That You?" scam was said to have ensnared half a million victims before researchers discovered it. 

Raney explained, "I worked out what servers did what, where code was hosted, and how I might identify additional servers." "I then used this information, as well as urlscan.io, to seek for more phishing sites with similar features to this one." 

A thorough examination of the servers linked to the phishing links revealed a page that was transmitting credentials to devsbrp.app. A banner believed to be attached to a control panel was discovered with the wording "panelfps by braunnypr" printed on it. A second search using keywords led the study team right to the panel and banner designer, whose email address and password variations were also identified, neatly turning the tables on fraudsters who prey on unwary web users' credentials.

Using the threat actor's personal details, Cybernews accessed a website which proved to be the command and control hub for most of the phishing assaults linked to the gang, which is known to include at least 5 threat actors but could have plenty more. This gave our brave investigators a wealth of information about the culprits of the Facebook phishing scam, including the likely country of residence: the Dominican Republic.

"We were able to distribute the user list for everyone who has signed up for this panel," the Cybernews researcher explained. "We started unearthing the identities with as many people on the list as we could using the usernames on the list, but there is still more work to be done." Researchers provided the appropriate information to the Dominican Republic's Cyber Emergency Response Team (CERT) at the time, as evidence suggested that the campaign had started there as well.

1.5 Billion Facebook Users Data Breach or a Scam?

 

Facebook, Messenger, Instagram, and WhatsApp were all down for 7 hours worldwide; meanwhile, unknown hackers allegedly stole 1.5 billion Facebook users’ data and sold it on the dark web, the Russian Privacy Affairs agency confirmed in its recent findings. The data includes user names, email addresses, addresses, locations, and phone numbers, as per RPA's findings.

“It’s the biggest and most significant Facebook data dump to date– about three times greater than the April leak of 533 million phone numbers,” the publication noted. 

However, while responding to the security incident, Facebook said that “this was old data and the security vulnerability responsible had been patched back in 2019”.

At present, it is yet to be confirmed whether the RPA's findings are legitimate. Some people reported that they tried to buy the Facebook users’ data, but after paying $5,000 to the hackers in exchange for it, the buyers got nothing, so the possibility that this is a scam is on the cards.

The fact that the buyers who paid the hackers in an attempt to buy the stolen data got nothing could be proof that the group's claims of having stolen data are baseless. However, security experts still suggest all Facebook users stay vigilant for unusual activities on their accounts. 

At a Senate subcommittee hearing with a Facebook whistle-blower on Tuesday, Senator Marsha Blackburn from Tennessee said, “News broke yesterday that the private data of over 1.5 billion — that’s right, 1.5 billion — Facebook users are being sold on a hacking forum.” “That’s its biggest data breach to date,”  the subcommittee’s ranking Republican member further added. 

Although many believe that data has been breached, there is no solid proof of it yet. Aric Toler, a researcher with Bellingcat, an investigative journalism group, stated that someone claimed to have paid for the hacked data and found out that it was a scam, so the breach has yet to be confirmed.

Facebook's 'Dislike Button' scam


A few days after Facebook CEO Mark Zuckerberg announced in a Q&A session in September 2015 that the long-awaited Facebook ‘Dislike Button’ would be implemented soon, scammers seized upon this opportunity to spread phishing attacks and malware.

Soon after this, many users received links inviting them to download Facebook’s ‘Dislike Button’, described as an "invite-only feature". One of the most popular dislike button scams is titled “Get newly introduced Facebook dislike button on your profile". Clicking on these links leads victims to malicious websites.

The ultimate goal of the scammers is to encourage users to share the link on their Facebook page. Once it has spread on Facebook, the scam asks you for your personal information and account credentials, or sometimes downloads malicious software that causes further damage to the computer.

Zuckerberg, the co-founder and CEO, said, "We are working on it, and are very close to shipping a test of it."

Computer security expert Graham Cluley voiced his concern about this on his blog: "Scams like this trick you into liking pages, and sharing the link with your friends, using the bait of something alluring...in some cases they will even lead you to pricey premium rate mobile phone subscriptions, online surveys that generate the scammers income, or trick you into downloading malicious code onto your PC."

He advised: "Don't be duped. If you're a Facebook crack-addict then try to resist the urge of falling for the latest scam, and wait for Facebook to properly roll-out new features as and when they choose."

Acai Berry Diet Facebook spam attack: Don't buy, don't try, don't reply, says expert


Most Facebook users will have noticed various websites promoting Acai Berry diet products. Sometimes even our friends appear to recommend Acai Berry advertisements on Facebook. However, think twice before you click on those links. If you do, you end up on a diet supplement scam page.

In the Acai Berry scam, two successive postings appear on the victim's Facebook Timeline without their permission. For example:

“Successfully results in this particular health solution.”

Then comes a follow-up post, as if the poster had forgotten something:

“The link, hehe.. http://goo.gl/xxxxxx.”

Paul Ducklin, a computer security expert, wrote in a Naked Security blog post: “You'd be right to be suspicious, at least if you know your friend is competent in English, because some of the phrases stretch the limits of comprehensibility. However, we're guessing that there are two postings in order to add some kind of human-sounding realism.”

He added that automated bogus messages wouldn't forget the link in the first place, whereas humans would rush to correct their error with comments saying "hehe."

The expert said that short links such as goo.gl URLs have been used in the campaign and seem to have redirected to other URLs.

For example: [hexdigits].my.test/[letters]/image_[hexdigits].jpeg

“If you click through to the buy page and check the very limited disclaimers and FAQs there, you'll find that the product only helps you to lose weight if you combine it with a diet specifically designed to make you lose weight. So, assuming that you spot the scam for what it is before you fill in your credit card number on the buy page, and bail out, you should be OK,” he added.

“Don't buy, don't try, don't reply,” he wrote.

He suggested that anyone who finds that ‘out-of-character posts’ have been made from their account without their approval should check the following:

  • Is your computer patched and up-to-date?
  • Is your anti-virus up-to-date and running properly?
  • Has someone else been logging into your accounts?
  • Did you use the same password on multiple sites?
  • Have you authorized any apps to access your social media accounts?

Facebook hoax "Prayers for Like"


The message is a disgraceful hoax designed to get the maximum number of likes for a Facebook page and to promote it further through sharing of the message.

A baby's photograph was taken illegally from a personal Facebook profile and is being circulated without the parents' permission. Unfortunately, the baby in the photograph died two weeks after her birth. As the picture is being circulated without the parents' permission, it is causing them great pain. If this hoax message comes your way, do not like or share it. Instead, report the message to Facebook.

According to the hoax message currently circulating on Facebook, you can offer prayers to this baby girl by liking or sharing the picture. However, liking or sharing the message would not help the baby; in fact, it would cause considerable distress to the parents and make them belligerent.

The people who create these messages are driven by the green-eyed monster and look right past the children whose pictures they misuse. Facebook pages with a large number of likes are traded on the black market and can also be sold to inhumane internet marketers and used to make further scam and hoax messages.

Believing in offering prayers for someone who is unfortunate is sane, but doing so through social networking sites is simply absurd. Are we to believe the denigrating notion that “the Almighty has a deal with Facebook that one share contributes a hundred prayers”?

Not only this, it can also be seen on other pages that include images of gods and goddesses and ask for a like or comment to seek their blessings. Well, it's ironic that even the Almighty now needs likes, shares and comments on their images for blessing mankind. Huh. Well, my suggestion is: open up your eyes and think broadly.

If this message comes your way, do not like, share or comment on such a post. It plays in favour of inhumane and immoral people who earn from such hoaxes.

Facebook has actually removed some of the messages, as they have been reported a number of times. The company needs to take action to ensure that these scam messages are removed from the network as quickly as possible.

Scam Alert: Your Facebook Accounts will be Permanently Disabled

We have seen large numbers of Facebook posts that promise something but turn out to be a scam. Facebook users still believe such posts and blindly follow the instructions, so cyber criminals keep coming up with new themes to trick users.

Over the past few days, I have been receiving Facebook notifications informing me that one of my friends mentioned me in a comment. I had a look at the post; it is none other than a Facebook scam.

The scam post says "to all facebook users Your Facebook Accounts will Permanent Disable. you must register your account to avoid permanent disabled . How to register? Go to our pinned post. and follow instructions carefully!"

It asks you to copy and paste some code into the console of your browser. By blindly following the scammers' instructions, users allow the scammers to perform various actions ('like', 'sharing', 'tagging friends' and more) on their behalf.

Earlier this year, we learned that scammers were tricking users by promising them that following the instructions would help them hack their friends' accounts.

Facebook Scams: "Hacking any Facebook Account", "Facebook Music Theme"


A new Facebook scam that claims to be a script to "Hack any Facebook account" is spreading like wildfire. Recently, I also came across a Facebook scam post that promises a "Facebook Music Theme". I've been tagged in the spam posts by more than 20 friends within a week.

The post has a link to a script file which is hosted, seemingly at random, on Dropbox, Pastebin, textuploader and other file hosting services.

The post tricks users into thinking that it is a script to hack any Facebook account. It urges users to use it before it gets blocked by Facebook.

It asks them to copy the script and paste it into the "Console" section of the browser's "Inspect Element" option. It claims you will get the username and password once you have completed the process.


Here is what is actually happening:
When you paste the code into the console, the browser runs it on your behalf, with your logged-in session. So it sends several requests, including "Like" and "comment" requests. This means that you have unknowingly "liked" and "commented" on the scammer's pages.


It also tags all of your friends in a comment so that it can spread the scam further and get more victims.

I can't believe that there are still plenty of people out there who believe some stupid scripts can hack accounts.

Are you one of the victims who followed the stupid instructions?
No need to panic. As far as I know, the script only "likes" and "comments" on your behalf. So you can simply go to the "Activity Log" page in your account and unlike and uncomment them. If you are reading this article, make sure you don't make the same mistake again.

Facebook Scam: World's Largest Snake Video and Shark Eating Man Videos

Attention Facebook users! If you see a Facebook post promising outrageous videos, for instance "Shocking video: World's Largest Snake Video", don't click it. It is nothing other than a survey scam.

Various Facebook posts with different bogus titles are circulating, all leading to a survey scam page.

So far, the topics used in the scam campaign are "SHOCKING VIDEO World’s Largest Snake Found In [Brazil /Mexico ]" and "Exclusive: Shark eats the swimming man in an Ocean!! Watch the video".

A user who clicks the link in the post is taken to a web page where they are asked to complete a survey in order to view the video, and to share the video on their Facebook account.

In the end, you will get nothing other than being a victim of the scam. Remember, there are no such videos. If you come across these kinds of posts, just ignore them or report them to Facebook.

Facebook Spam: "She went inclusively nuts and lost all control of the razor-sharp axe"

A new spam campaign that preys on people's curiosity is circulating on Facebook. Today, E Hacking News came across it. The spam post has a picture of a woman that looks like a video.

The spam post reads: "she went inclusively nuts and lost all control of the razor-sharp axe Well, Watch what happened..in..this..video:_:: [Tiny_URL]"

Following the link provided in the post takes users to a page that says "She did this at the tender of age 15" and displays an image mimicking an embedded video player.

After clicking the image, I am really inspired by the clever work done by the cyber criminals. When a user clicks the image, the page asks them to press three shortcuts one by one: Ctrl+L, Ctrl+C, Ctrl+W.

I know what the last two shortcuts do but was not sure about the first one. I've managed to find the usage of the Ctrl+L shortcut in browsers: it is used for selecting the URL.

So the shortcuts are for selecting and copying the URL and closing the window. But wait a second, I failed to notice one thing. When I clicked the image, the page opened a new window.

Interestingly, the new window is so small that it is not visible. So pressing the shortcut keys copies the URL of the new window and closes that window. The URL contains the victim's authentication token.

Victims who fail to notice the window and follow the instructions soon find themselves victims of the Facebook spam post. The spam will be posted on the victims' walls using the hijacked authentication token.

Google's Blogger is being abused for spreading Spam in Facebook


Cyber criminals have now started to abuse Google's blog-publishing service Blogger to spread their sex tape spam on Facebook. Today, E Hacking News came across two Facebook spam posts that link to a Blogspot address.

In one of the Justin Bieber sex tape spam posts, the cyber criminals used "Watch Justin bieber s3x tape" as the title of the video link and posted "I can't believe this is for real , omg is this true" from the victims' accounts.

In another spam post, the title is mixed with numbers to bypass spam detection: "[VIDEO] R1HANNA S33X TAPE".
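As an added example (not part of the original post, and not Facebook's own filter), here is one way a defender can undo this number-for-letter substitution before keyword matching. The substitution table, the watchlist and the function names are assumptions made for illustration; the sample titles are the ones quoted in these posts.

```python
import re
from typing import List, NamedTuple

# Symbols that are swapped in for letters, and the letter each one is read as.
# One letter per symbol; ambiguous cases (such as "1" for "l") are out of scope.
LEET_CHARS = "013457@$"
LEET = str.maketrans(LEET_CHARS, "oieastas")

# Constructed watchlist: lure phrases taken from the titles quoted in these posts.
WATCHLIST = ["sex tape", "shocking video", "free ipad"]


class Hit(NamedTuple):
    phrase: str        # watchlist phrase that matched
    obfuscated: bool   # True if the match only exists after undoing substitutions


def canonical(token: str) -> str:
    """Lower-case, undo symbol substitutions, collapse repeated characters."""
    t = token.lower()
    # Pure numbers ("71", "3") are left alone; only mixed tokens are rewritten.
    if any(c.isalpha() for c in t):
        t = t.translate(LEET)
    # "seex" and "sex" should compare equal, so runs are squeezed to one char.
    return re.sub(r"(.)\1+", r"\1", t)


def is_obfuscated(token: str) -> bool:
    """A token mixing letters with substitution symbols, e.g. 'S33X'."""
    return any(c.isalpha() for c in token) and any(c in LEET_CHARS for c in token)


def scan_title(title: str) -> List[Hit]:
    """Return the watchlist phrases found in a post title after normalisation."""
    raw = re.findall(r"[A-Za-z0-9@$]+", title)
    canon = [canonical(t) for t in raw]
    hits = []
    for phrase in WATCHLIST:
        # The watchlist goes through the same canonical form as the input.
        want = [canonical(w) for w in phrase.split()]
        n = len(want)
        for i in range(len(canon) - n + 1):
            if canon[i:i + n] == want:
                evasive = any(is_obfuscated(t) for t in raw[i:i + n])
                hits.append(Hit(phrase, evasive))
                break
    return hits


if __name__ == "__main__":
    # Titles quoted in the posts on this page.
    samples = [
        "[VIDEO] R1HANNA S33X TAPE",
        "Watch Justin bieber s3x tape",
        "Breaking News : Miley Cyrus sex tape leaked on the Internet.",
        "Get Free iPad 3 !",
        "Chuck Norris dies at age 71! Not a Joke.",
    ]
    for s in samples:
        print(f"{s!r:65} -> {scan_title(s)}")
```

The `obfuscated` flag is worth keeping separate from the match itself: a lure phrase that only appears after de-obfuscation shows that the poster was trying to evade a filter.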

When a user clicks the link, it leads to a Blogspot page that redirects to a malicious survey scam page, where the user is asked to click a button, copy the content of the address bar and submit it for verification.

If the user does as instructed on the page, he will soon find himself a victim of Facebook spam, and his account will be used to spread the spam post.

Previously, we detected that scammers had abused Tumblr to spread spam on Facebook.

Facebook & Tumblr being abused for spreading "John Cena Dies of Head Injury" spam


Today, a scammer posted a spam message on the E Hacking News fan page that reads "John Cena of WWE died in a head injury while training! Watch the original video clip here >>>  [Facebook_Group_Link]"


Clicking the link leads to a group post with the title "Exclusive vids". The post has the following message:

John Cena (John Felix Anthony Cena) of World Wrestling Entertainment died in a head injury while perfecting a wrestling stunt with WWE wrestler, Dwayne Johnson or also known as The Rock. Authorities are now investigating. Watch the original video clip from WWE and their effort to save JOHN CENA (for 18 years+) CLICK HERE --------->[Bit_ly_Link]

Clicking the link leads the victim to a Tumblr page that displays a GIF image resembling a buffering video interface. The GIF displays a fake error message: "Ahhh your social media player needs to update click here and then click add to update"


Once the victim clicks the link, it redirects to another page where users are asked to paste the "Access token".

Last year, Hoax-Slayer identified a similar spam post claiming that John Cena of WWE had died.

"Miley Cyrus sex tape leaked on the Internet" Facebook scams steals Authentication tokens

Tempting Facebook users with the promise of celebrity sex tape videos is not new, but cyber criminals still choose that method, as social engineering is one of the most successful ways to achieve their malicious goals.

The latest scheme starts with a post titled "Breaking News : Miley Cyrus sex tape leaked on the Internet. Millions of men called in stick after seeing it." The huge thumbnail propagating the scam displays a close-up of the singer, apparently in a state of rapture.

When users click the image, they are taken to a website where the video appears to be hosted. When victims try to play the clip, they are asked to verify their age by copying and pasting their Facebook authentication token into a text box.

The token allows the cyber crooks temporary access to the targeted Facebook account, including the victim’s list of friends.

According to a Hot for Security report, users who fall for it will see their Timeline flooded with posts advertising the aforementioned video. Even worse, all their friends will be tagged to make sure that they don’t miss it.

"Get Free iPad 3 !" Beware of Facebook and Twitter Scams

While everyone is anticipating that Apple will announce a new version of its iPad tablet computer in San Francisco on March 7th, scammers have decided to take advantage.

A Sophos security researcher came across Facebook and Twitter scam posts that claim "Get free iPad 3". The interesting thing is that the iPad 3 doesn't exist yet.

"As Apple hasn't even announced the existence of an iPad 3, these posts and pages (some of which have existed for months) are clearly up to no good," says researcher Graham Cluley.

"Chances are that we will see Apple announce an iPad 3 very soon. But don't be duped into believing there's an easy way to get one for free," he added.

"Your profile has qualified for an award of $2M" Facebook Gold Membership Scam


Hoax-Slayer came across a new Facebook scam which claims to be from the Facebook Team and informs recipients that their profile has just completed its 100% Gold Status membership, which has qualified them for an award of $2,500.000.00 (Two Million Five Hundred Thousand Dollars) by Facebook.

The Scam Message:
Congratulation!!!

YOUR PROFILE HAS BEEN AWARDED A GOLD MEMBERSHIP STATUS ON FACE BOOK....

We happily announce to you that your profile just completed It's 100% Gold Status membership which has qualified you for an award of $2,500.000.00 (Two Million Five Hundred Thousand Dollars) by Facebook.

You are therefore advised to contact our Executive Secretary for further directives on how to receive your award sum.

Ensure to quote the following information for authentication:
Full Names, Address and qualification numbers to the Executive Sec with your Gold Membership Qualification Numbers: (FB-57-20100, BB-456-76FUB)

Contact Person: Mrs. Florence Alison (Executive Secretary)

Email:f.team@usa.com

Payment would be made to you and other qualified members not later than 7 working days from the date of this notification.

Note: Ensure to keep all winning information strictly confidential to avoid double claims which may lead to disqualification.

Sincerely yours,
Facebook Team

Victims who fall for this scam and contact the "Executive Secretary" as instructed will soon be asked to send upfront fees, ostensibly to cover various (entirely imaginary) costs such as insurance, legal and banking expenses. The scammers will insist that these fees cannot be deducted from the cash award, which of course is also entirely imaginary.

"Your account info has been changed" - Fake Facebook notification delivers keylogger

A spam mail that poses as a notification from Facebook and claims that the recipient's account information has been changed leads to a malware attack.

The spam mail, with the subject "Your account information has been changed", hides its content and asks users to install Microsoft Silverlight in order to view it. If you hover your mouse over the image link, it points to a .PIF file (a Windows executable file) hosted at a Malaysian IP address. BarracudaLabs identified this trojan as Trojan.Win32.Jorik.

Clicking on the Silverlight graphic does warn you that you’re about to run a program. This is why the Microsoft graphic is a clever addition to the ruse – you think you should be running a Microsoft program, and it’s doing exactly what you expect.

Once you click the Run button, the Trojan will take care of your system and send your keystrokes to its master.

New Facebook survey scam claims Chuck Norris dies at age 71


Scammers are spreading a new scam message on Facebook that claims "Chuck Norris dies at age 71" and offers a link to a news report video, but the link leads to a survey page. The scam was spotted by a Sophos researcher. Chuck Norris isn't dead.

The scam message:
[video] Chuck Norris dies at age 71! Not a Joke.
[LINK]
See the video to find out how he died. News today of Chuck Norris death at age 71 has been met with confusion and humour, but sadly it is true.

Clicking the video link will land you on a survey scam page. The page will ask you to complete the survey in order to watch the video.

When the Sophos researcher analyzed the scam, it took him to a website claiming to offer a free £100 Starbucks card.

If you see this kind of scam message asking you to complete a survey, just ignore it; the scammers will never give you what you want. If you shared the message with your friends, remove the message from your wall.

"Free Mobile Recharge Coupons" scam hijacks Facebook accounts


A recent phishing scam, "Free Mobile Recharge", targets Facebook users, hijacks their accounts and makes it impossible to recover them, McAfee has warned.

The scam automatically posts a tricky free recharge offer on the victim's wall to convince their friends to click on the link. Following the link will land you on a phishing website, which asks for your Facebook account details. Once you fill in the details and press the login button, it takes you to a survey page. Meanwhile, it sends your login details to the attacker.

The same scam message is posted on the victim’s wall to further spread the attack.

The attacker not only changes the account passwords but also deletes primary information such as the email address. Even if the victims try to reset their passwords, they will never get the password reset email from Facebook.

Get $50 Dollar General Gift Card for FREE to all facebook users : Facebook Scams


A new Facebook survey scam claims that users who click a link will receive a free $50 gift card from variety store chain Dollar General, a Hoax-Slayer report says.

Usually, scammers use these survey scams to get victims' personal information, including name, address and contact details. These details can be used for further scams or other malicious purposes. Some other scammers trick users into downloading dubious toolbars, games or software. Still others will claim that users must provide their mobile phone number - thereby subscribing to absurdly expensive text messaging services - in order to get the results of a survey or go in the running for a prize.

No matter how many offers or surveys they complete, or what services they subscribe to, victims will never receive the promised gift card.

The scammers who create these bogus promotions will earn commissions via suspect affiliate marketing schemes each and every time a victim completes an offer or participates in a survey.

If you see these kinds of scams on Facebook, just delete them and never click any links.

Facebook Phishing Scam promotes Indonesian rock star


Facebook phishers have used an Indonesian rock star as bait for their phishing sites.

"This is unlike the previous Indonesian adult scams whose phishing pages gave the impression that the adult video would be of a random celebrity. In October 2011 phishers continued their adult scams on Facebook, but this time they chose the Indonesian rock star Ahmad Dhani in particular," Symantec reported.

Dhani is the frontman of the rock bands “Dewa 19” and “Ahmad Band”.

The phishing site contained a photograph of Ahmad Dhani and Indonesian singer Dewi Persik. The Indonesian caption of the photograph translated: “To view videos of Ahmad Dhani recorded from CCTV cameras, please login below”. After users entered their Facebook login credentials, the phishing page redirected to a pornographic website. Of course, if users gave away their login credentials to the phishing site, phishers would have successfully stolen their information for identity theft. The phishing site was hosted on a free Web hosting site.

Celebrities have been a common target in phishing attacks. In the past, we have seen Aishwarya Rai and Katrina Kaif used as phishing bait. Phishers are choosing celebrities with a large fan following because they perceive a larger audience will mean more duped users.

Security tips to avoid phishing attacks, provided by Symantec:
  • Do not click on suspicious links in email messages.
  • Avoid providing any personal information when answering an email.
  • Never enter personal information in a pop-up page or screen.
  • When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar.
  • Frequently update your security software, such as Norton Internet Security 2011, to protect you from online phishing.
Security tips from BreakTheSecurity:
  • Before entering login information, check the URL.
  • Use a secure connection (e.g. https://gmail.com).
  • Use an anti-phishing add-on (e.g. FirePhish).
  • Don't forget to read our Security Tips Blog: http://www.breakthesecurity.com