Phishing is a very dangerous threat for Internet users; alongside the classic techniques, new forms of phishing are exploiting new platforms such as mobile and social networks.
Phishers continuously improve their techniques to be able to harvest the greatest volume of users’ sensitive information.
The latest discovery was made by security experts at Symantec, who observed a phishing campaign dubbed “WHO IS GREAT BOYS OR GIRLS?”. It is based on a bogus voting website that collects user data by asking visitors to decide whether boys or girls are greater.
The page, hosted on a free Web hosting site, presents the results as bar charts reporting the voting ratio over a time interval of four years, a social engineering trick to increase the reputation of the page.
“The phishers used the following phishing URL, and a subdomain to indicate that it is an application:”
http://smartapps.[DOMAIN NAME].com
The technique implemented by the phishers is as simple as it is efficient: the first phishing page contains a button to start the voting operation, and once the victim clicks it the page displays a pop-up window that requests a user’s login ID and password.
The pop-up also contains radio buttons to express a preference between female and male; once the choice is submitted, the page redirects the victim to an acknowledgement page to confirm his or her voting information.
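A defensive check for the pattern described above, as an added example that is not part of the original article or of Symantec's report: it flags any form that asks for a password on a host outside an allow-list, together with a poll choice, or over plain HTTP. The sample URL and HTML are constructed, and `TRUSTED_LOGIN_HOSTS`, `FormCollector` and `audit_page` are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample modelled on the pop-up described above (not the real page).
SAMPLE_URL = "http://smartapps.freehost.example/vote"
SAMPLE_HTML = """<form action="/submit" method="post">
  <input type="text" name="login_id">
  <input type="password" name="password">
  <input type="radio" name="vote" value="boys">
  <input type="radio" name="vote" value="girls">
</form>"""
TRUSTED_LOGIN_HOSTS = {"login.example.com"}  # hypothetical allow-list

class FormCollector(HTMLParser):
    """Record the action and the set of <input> types of every <form>."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._open = {"action": attrs.get("action") or "", "types": set()}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            self._open["types"].add((attrs.get("type") or "text").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_page(url, html, trusted_hosts):
    """Return findings for forms that ask for a password in a suspicious context."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        if "password" not in form["types"]:
            continue  # only credential-collecting forms are of interest
        target = urljoin(url, form["action"])  # where the credentials would go
        checks = [
            (urlsplit(url).hostname not in trusted_hosts, "password field on a host outside the allow-list"),
            ("radio" in form["types"], "password requested in the same form as a poll choice"),
            (urlsplit(target).scheme != "https", "credentials would be posted over plain HTTP"),
        ]
        reasons = [message for hit, message in checks if hit]
        if reasons:
            findings.append({"action": target, "reasons": reasons})
    return findings
```

Calling `audit_page(SAMPLE_URL, SAMPLE_HTML, TRUSTED_LOGIN_HOSTS)` returns one finding with all three reasons, while a password-only form served over HTTPS from an allow-listed host returns none.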
I decided to present this apparently simple technique because it is very insidious and widely adopted by phishers; with a similar trick, cyber criminals are able to steal victims’ credentials and obtain full control of their digital world.
Symantec provided a series of useful suggestions to avoid becoming victims of phishing attacks:
Be aware, phishers always count on the surprise effect.
(Security Affairs – Voting campaign, Facebook)