A Fake Phone Service Scam

Over the past month or so, phishing websites that have been offering a facility to place free phone calls have been observed to be attacking a legitimate social networking website. The fake service, named “Digits,” is promoted on the phishing website as a project driven by a non-existent community supposedly created on the well-known social networking website. The fraudulent login page outlines steps to access the fake service. The first step is for users to synchronize their social networking accounts with “Digits.” Next, users are asked to select a new ten-digit mobile number. Further, in order to place free calls and text messages, users are prompted to invite friends so that they can earn (fake) reward points.

The phishing website is created with the motive of tricking users into believing that these services are accessible once their social networking website login credentials have been entered. Quite the contrary, because after entering their credentials, the user is redirected to a bogus page that displays the balance of non-existent reward points. If the phishers are successful, the users will have given up their social networking website account details to the phishing site. The phishing site is created on a paid webhosting service based in the USA.

Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams:

•    Do not click on suspicious links in email messages.
•    Check the URL of the website and make sure that it belongs to the brand.
•    Type the domain name of your brand’s website directly into your browser’s address bar rather than following any link.
•    Frequently update your security software, such as Norton Internet Security 2010, which protects you from online phishing.

--------------------------------------------

Note: My thanks to the co-author of this blog, Ashish Diwakar.