In 2010, Symantec reported phishing sites that were spoofing a popular social networking brand. The phishing sites claimed to have a Web application with which end users could watch “Big Brother Brasil” online. This phishing attack was launched during the 10th season of the television show, which was on air from January to March of 2010. On January 11, 2011, the 11th season of the show began, and phishers are back again with the same bait to try their luck at harvesting user credentials. The latest phishing site was hosted on a free webhosting domain.
On certain legitimate Web sites, live video feeds of the show are available around the clock from multiple cameras in the Big Brother house. Some of these videos are suitable only for adult viewing. On the other hand, no live video feeds are available on the phishing site, and the claim of having such a Web application is only a ploy to lure end users. The message in the displayed image of the phishing site was in Portuguese and translates to “In ***** [Brand name removed] Big Brother Brazil is live. Attention: Login to the side and check”. If users fall victim to the bait by entering their login credentials, phishers will have succeeded in stealing their information for identity theft.
In the past few months, the motive of phishers has been to improve their chances of tempting end users by increasing the appeal of the baits. It has been observed that pornography or adult content made up the majority of the baits used. Here, though pornography was not involved in the phishing site, the strategy of phishers was to give users the hope of viewing adult videos of the participant celebrities in the television show.
Internet users are advised to follow best practices to avoid phishing attacks, such as:
• Do not click on suspicious links in email messages.
• Avoid providing any personal information when answering an email.
• Never enter personal information in a pop-up screen.
• Frequently update your security software, such as Norton Internet Security 2011, which protects you from online phishing.
Note: My thanks to the co-author of this blog, Avdhoot Patil.