Co-author: Avdhoot Patil
Celebrity promotion has gained momentum in the world of phishing. In October 2011, we observed Indonesian rock star Ahmad Dhani was being used as phishing bait and phishers continue their stream of celebrity bait with popular singers Selena Gomez and Demi Lovato. Celebrities with a large fan following are phishers’ favorites (because they believe a larger audience will mean more duped users).
In today's example, phishers created phishing sites that spoofed the login pages of a popular information services website. The phishing pages contained a picture of the singer and the page altered to give the impression that users could gain access to additional content about the celebrity after entering their own login credentials. It should be noted good websites will never alter the format of their login page for celebrity promotions. After the login credentials are entered into the phishing site, users are directed to a page providing various options to the user. These options include chatting with the singers, visiting their official community page, watching videos, seeing images of them in popular search engines, and so on. If users fell victim to the phishing site by entering their login credentials, phishers would have successfully stolen their confidential information for identity theft purposes.
The phishing sites were in written in French and phishers utilized domains which were typosquats of the names Selena and Demi. The country code top level domain (ccTLD) of these domains were from Tokelau (a territory in New Zealand).
Internet users are advised to follow best practices to avoid phishing attacks: