
Phished Investment and Brokerage Service Brands 

May 19, 2010 05:23 AM

Symantec has recently observed phishing attacks on a leading brand that provides investment and brokerage services. The brand is primarily a brokerage but also offers various other services to customers, such as investment research, mutual funds, bond trading, mortgages, and so on. Customers can register on the brand’s legitimate website by providing certain confidential information, including a social security number and brokerage account number.

The phishing websites in this case were observed to be spoofing the legitimate brand’s main login page. After login credentials were entered into the phishing site, the fraudulent page stated that the customer’s records were missing or found to be incorrect. The phishing site further stated that the customer was required to resubmit his or her information (social security number, brokerage account number, etc.) to correct any errors. Before collecting this information, the fraudulent page asked the user to complete a fake identification process by entering certain personal data for added security. The personal data included an email address (with password) and mother’s maiden name. The fake identification process continued on the subsequent page, which asked the customer to upload his or her signature in an image format. Finally, the phishing site prompted for the information needed in order to store the “customer records.”





 

Some of the phishing URLs utilized typosquatting domain names, so customers may have landed on the phishing site through typographical errors made while typing the legitimate website address. Fraudsters also used automated phishing toolkits to attack the brand. The phishing websites were hosted on servers based in the USA and China.
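The check below is an added example, not code from the original post: it classifies a URL's host as the brand's own domain, a likely typosquat of it, or unrelated, using an edit distance that counts a dropped or swapped letter as one edit. The brand domain `brokerage.example`, the sample URLs, the function names and the distance threshold of 2 are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed placeholder; the post does not name the brand or its domain.
BRAND_DOMAIN = "brokerage.example"


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insertions, deletions, substitutions and adjacent swaps."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition ("borkerage" for "brokerage") costs one edit.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url: str, brand: str = BRAND_DOMAIN, max_dist: int = 2) -> str:
    """Return 'brand', 'lookalike' or 'other' for the host a URL really points to."""
    if "//" not in url:
        url = "//" + url  # let urlsplit treat a bare host as the network location
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host == brand or host.endswith("." + brand):
        return "brand"
    # Assumption: the registered domain has as many labels as the brand domain
    # (a production check would use the Public Suffix List instead).
    registered = ".".join(host.split(".")[-(brand.count(".") + 1):])
    if 0 < osa_distance(registered, brand) <= max_dist:
        return "lookalike"
    return "other"


# Constructed sample URLs, not taken from the incident.
SAMPLES = [
    "https://www.brokerage.example/login",
    "http://brokrage.example/login",     # dropped letter
    "http://borkerage.example/login",    # swapped letters
    "https://news.test/markets",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify(u):9}  {u}")
```

A result of `other` only means the host is not a near-miss of the brand domain; it is still not the brand's site.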

Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams:

•    Do not click on suspicious links in email messages.
•    Check the URL of the website and make sure that it belongs to the brand.
•    Type the domain name of your brand’s website directly into your browser’s address bar rather than following any link.
•    Frequently update your security software, such as Norton Internet Security 2010, which protects you from online phishing.

====================

Note: My thanks to Rohan Shah, co-author of this blog.
