In September 2010, Symantec observed a phishing site that targeted customers of the product “Norton Internet Security”. Norton Internet Security is a Symantec product that protects against malware, viruses, and email spam. It is also one of the leading anti-phishing solutions on the market.
Fraudsters attempted to steal credentials from users with a Norton account by means of a phishing page that claimed to be an account restoration page. The phishing site was titled “Norton Internet Security Alert” and asked the user to verify his or her identity in order to restore the account. The confidential details requested for this verification were the user’s name, email address, and password. The user was also asked to enter a code from a bogus CAPTCHA shown on the page; the phishing site claimed that this CAPTCHA code was required to prevent spam messages.
After the required information was entered and the “Submit Form” button clicked, the user was redirected to another page, shown in the screenshot above. There, the user was prompted to click a “Click to Continue” link. Clicking this link returned a “404 Page not found” error with the message “There are no pages in this website”. Customers who fell victim to the phishing site would have had their user information stolen, giving the fraudsters access to their Symantec security products. Note that no site called “NIS 24-7 Alert Program” exists; it is not a Norton site.
The phishing site was hosted on a free web hosting site based in Canada and is currently inactive. The words in the phishing URL gave the impression that the page was related to Norton’s account restoration. Below is an example:
hxxp://www.norton24-7alertprogram.******.com/account_restore.html [Domain name removed]
Although phishing sites are frequently short-lived, individuals should be aware that other phishing scam sites using this or a similar template could be encountered in the future. Norton anti-phishing technology allows preventive detection and identification of these kinds of phishing sites even in cases where the site has not yet been reported to Symantec as fraudulent.
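As an added example (not code from the original post or from Symantec), the following defender-side heuristic flags the URL pattern described above: a protected brand’s name appearing in the hostname while the registrable domain belongs to someone else, combined with account-restoration lure words in the path. The brand allow-list, the placeholder free-hosting domain and the sample URLs are constructed for this illustration.

```python
"""Heuristic triage of brand-impersonating phishing URLs (added example)."""
from urllib.parse import urlparse

# Assumed allow-list of domains the brand legitimately uses (example values).
BRAND_DOMAINS = {"norton": {"norton.com", "symantec.com"}}
# Path words typical of credential-restoration lures.
LURE_WORDS = ("account", "restore", "verify", "alert", "login")

# Constructed samples: the first mirrors the post's URL shape, with the
# free-hosting provider replaced by a placeholder domain.
SAMPLE_URLS = [
    "http://www.norton24-7alertprogram.freehost-placeholder.com/account_restore.html",
    "http://www.norton.com/support",
    "http://norton.com.verify-placeholder.net/login",
]


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname (no public-suffix list used)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def assess_url(url: str) -> dict:
    """Report whether a URL impersonates a listed brand and which lure words it uses."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    reg_dom = registrable_domain(host)
    impersonated = None
    for brand, owned in BRAND_DOMAINS.items():
        # Brand name is in the hostname, but the domain actually in control is not the brand's.
        if brand in host and reg_dom not in owned:
            impersonated = brand
            break
    lures = [w for w in LURE_WORDS if w in parsed.path.lower()]
    return {
        "host": host,
        "registrable_domain": reg_dom,
        "impersonated_brand": impersonated,
        "lure_words": lures,
        "suspicious": impersonated is not None,
    }


def triage(urls) -> list:
    """Return the hostnames of the URLs judged suspicious, in input order."""
    return [r["host"] for r in map(assess_url, urls) if r["suspicious"]]


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(assess_url(u))
```

Because `registrable_domain` only keeps the last two labels, hosts under multi-label public suffixes (for example `.co.uk`) need a real public-suffix list before this check is used in production.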
Internet users are advised to follow the best practices below to avoid phishing attacks:
· Type the domain name of the brand’s website directly into your browser’s address bar rather than following any link.
· Do not click on suspicious links in email messages.
· Use security software, such as Norton Internet Security 2011, which protects you from online phishing, and make sure to run updates frequently.
Special thanks to the co-author of the blog, Ashish Diwakar.