Fake social sites are spreading

Phishers do their best to obtain the identities of unsuspecting users. Many of them scout their victims using drastic methods, various fake social sites. Norton presents two recent examples of this, for which Hungarian users should be prepared in the near future.

There are a number of innovative solutions used by phishers who are increasingly taking advantage of the popularity of social networking sites. Norton recently found examples of two such cases in which cybercriminals collected data by copying Facebook’s design.

In the first case, the phishing website copies the Facebook login page and also claims to provide a number of innovations for users. The incident occurred in India, but could recur anywhere in the world. The malicious application calls itself “Chehrakitab” which means Facebook in Hindi. The text of pages of a similar nature, which are created to deceive Indian users, is always of very poor quality. A site called Facebook 2013 Demo is a good example of this. The description of this said that although the new Facebook is still being developed, users can now enter the social interface. The creators, by the way, presumably don’t have a good opinion of Facebook because they put the following text under the logo: “People are wasting their lives with it”. If users still fell for the trick, criminals could successfully access their data and steal their online identities. This website was otherwise available through a free server.

The second phishing attack recently discovered by Norton used a picture of a little girl and an associated “like” button similar to the one seen on Facebook to hijack. In doing so, after the user clicked the button, they were asked in a subsequent interface to log in to Facebook, i.e. enter their IDs. Once this is done, the page has moved on to another “like” button with a fake string of numbers that shows how many people have already liked the image. So what happened here was that by creating a fake interface similar to Facebook, email addresses and passwords were obtained, potentially allowing attackers to gain access to other accounts and personal information as well. The phishing site was run through an Amsterdam server.

Because cybercriminals often rely on human credulity and inattention, it is important that we do our own to protect our sensitive information. Here are some tips to help prevent phishing attacks:

• Do not click on suspicious links in emails.
• Do not provide personal information when replying to an email.
• Do not enter personal information in pop-ups.
• Make sure the website is encrypted with an SSL certificate. Make sure the padlock, “https,” or green appears in the title bar when you enter personal or financial information.
• Use comprehensive security software, such as Norton Internet Security and Norton 360, to help protect against phishing and social network fraud.
• Be careful when clicking links sent via email or shared on social networking sites.