Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.
Security Response

Adult Phishing Scams Haunt Aura Kasih

Created: 03 Aug 2012 17:36:42 GMT • Updated: 23 Jan 2014 18:13:30 GMT • Translations available: 日本語
Mathew Maniyara's picture
0 0 Votes
Login to vote

Co-Author: Avdhoot Patil

Phishers continue to target Indonesian celebrities with adult scams. Phishing attacks on rock star Ahmad Dhani have already been seen. In July 2012, Symantec observed a phishing site that claimed to have an adult video of Indonesian actress and singer Aura Kasih. The phishing site spoofed a social networking brand and was hosted on a free Web hosting site.

The adult scam came in light of a recent scandal surrounding the singer. An adult video, allegedly of Aura Kasih and pop star Nazril Irham, has been circulating recently in Indonesia over the internet and mobile phones. It is rumored that the video started appearing after Nazril Irham’s laptop was stolen.

Phishers created the phishing site with an image of a video link of Aura Kasih. A message in Indonesian on the image prompted users to login to view the video. The message also mentioned that the video was provided in secret by the social networking site and asked users not to distribute the video. A logo of the social networking brand was placed towards the image on the left with the caption, “Download Video”. After users entered their login credentials they were redirected to an Aura Kasih blog page. The blog page contained several fake links giving the impression that clicking them would lead to adult videos of the singer.

Phishers are constantly monitoring current events to incorporate them into their phishing sites. They perceive that by doing so, the phishing sites look more authentic which improves their chances of harvesting user credentials. If users fall victim to the phishing site, phishers would have successfully stolen their information for identity theft. The strings contained in the phishing URL indicate that the video in question is available after logging in.

The phishing URL is:

[http://]aurakasih-sexxx.[REMOVED].com/login.php

Internet users are advised to follow best practices to avoid phishing attacks:

  • Do not click on suspicious links in email messages
  • Do not provide any personal information when answering an email
  • Do not enter personal information in a pop-up page or screen
  • Ensure that the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar when entering personal or financial information
  • Update security software frequently (such as Norton Internet Security 2012) to protect you from online phishing