Facebook has gained a lot of popularity in Indonesia. The country ranks third in number of Facebook users. With more end users in Indonesia, phishers seem to have gained interest in creating phishing sites that target them. Recently, Symantec observed an adult scam spoofing Facebook that targeted Indonesian end users. The phishing Web site was hosted on a free Web hosting site.
The phishing site stated that an application was available in which end users could view adult videos of popular Indonesian celebrities. It claimed that the videos were taken from hidden cameras in hotel rooms. Users were prompted to enter their login information to gain access to the fake application. To make it look more convincing, the site claimed that the application was from Facebook’s service team. The phishing page displayed a slide show of pornographic images of Indonesian celebrities. The images gave the impression that they were screenshots of the adult videos available in the fake application. The motive for displaying such pornographic images was certainly to tempt end users. No such adult application exists on the legitimate Facebook Web site. It is simply bait used by phishers in the hope of tricking users into giving away their confidential information. If the phishers succeed, they will have stolen information that can be used for identity theft.
Symantec had earlier reported an instance of a phishing site providing fake security to Indonesian Facebook users. To read more on the trend, please refer to “Fake Security for Indonesian Facebook Users”.
We notified Facebook regarding this issue. Facebook actively blocks links to sites that have been identified as malicious (e.g. phishing sites or sites that host malware) from being shared on the Web site, and works with third parties to get the sites added to browser blacklists and, where possible, removed by the Web hosting service.
Internet users are advised to follow best practices to avoid phishing attacks, such as:
- Do not click on suspicious links in email messages.
- Avoid giving any personal information when answering an email.
- Never enter personal information in a pop-up screen.
- Frequently update your security software, such as Norton Internet Security 2011, which protects you from online phishing.