A couple of months ago, Japan was hit by an earthquake of magnitude 9.0. The earthquake and tsunamis that followed caused severe calamity to the country. Phishers soon responded with their fake donation campaign in the hopes of luring end users. Unfortunately, it seems that the phishers are continuing to use these fake donations as bait in a recent phishing attack we observed.
In a fake donation campaign, phishers spoof the websites of charitable organizations and banks and use those fake sites as bait. This time, they spoofed the German page of a popular payment gateway site with a bogus site that asked for user login credentials. The contents of the page (in German) translated to “Japan needs your help. Support the relief efforts for the earthquake victims. Please donate now.” The message was provided along with a map of Japan that highlighted two cities from the affected region. The first city shown was the one near Japan’s nuclear power plant, Fukushima, and the second was the capital city, Tokyo. The map also showed the epicenter of the earthquake located undersea near the east coast of Japan.
Upon entering their credentials, users are redirected to the legitimate website where they continue their activity, unaware that they have provided their valuable login information to phishers. Because the login credentials in question are for a payment gateway site, the account is linked to users’ money by means of credit cards or bank accounts. If the users have fell victim to the phishing site, phishers will have successfully stolen their personal information for financial gain. The phishing attack was carried out using a toolkit that utilized a single IP address, which resolved to four domain names and was hosted on servers based in France.
Internet users are advised to follow best practices to avoid phishing attacks:
• Do not click on suspicious links in email messages.
• Avoid providing any personal information when answering an email.
• Never enter personal information in a pop-up page or screen.
• Frequently update your security software, such as Norton Internet Security 2011, which protects you from online phishing.
Note: My thanks to Ravish Bagul, co-author of this post.