Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

Phishers' fake gaming app nabs login information

Phishing site claims to offer "unlimited chips" for Indian poker app.
Created: 01 Aug 2014 08:32:58 GMT • Updated: 21 Aug 2014 17:39:30 GMT
Avdhoot Patil's picture
+1 1 Vote
Login to vote

Contributor: Virendra Phadtare

Phishers are continuing to focus on social networks as a platform for their phishing activities. Fake social media applications in phishing sites are not uncommon. In the past, we have seen a bogus Asian chat app and a fake voting campaign in phishing attacks. These fake apps are typically developed for the purpose of harvesting personal information. 

Symantec recently observed a phishing site with a fake gaming application that claimed to offer unlimited chips for an Indian poker gaming application called Teenpatti. Phishers promoted a fake version of the Teenpatti game called “Teenpatti Hack”. The phishing site was hosted on a free Web hosting service.

figure1_11.png
Figure 1. Phishing site asks users to enter login information

The phishing site was titled “Welcome to Teenpatti hack” and asked users to enter their Facebook login credentials to get 50 million chips. The phishers claimed they would give the chips to the user 24 hours after they log in. Even though the phishing site requested Facebook credentials, the site’s login form mimicked Gmail’s. The phishers also displayed the logo of the Teenpatti game in the top left and bottom left corners of the phishing site. If the user entered their login credentials, the phishing site redirected the user to another Web page which displayed the message “Wait for 24 hours after open teenpatti and get chips…”

figure2_10.png
Figure 2. Phishing site asks user to wait for 24 hours after they log in.

Of course, the 24-hour wait is just a time-buying strategy to avoid any early user suspicion. If the user got this far and fell victim to the phishing site, the phishers would have successfully stolen their information.

The use of fake applications as bait in phishing campaigns is not uncommon. Symantec advises Internet users to follow these best practices to avoid becoming victims of phishing attacks.

  • Check the URL in the address bar when logging into your account to make sure it belongs to the website that you want to visit
  • Do not click on suspicious links in email messages
  • Do not provide any personal information when replying to emails
  • Do not enter personal information in a pop-up page or window
  • When entering personal or financial information, ensure that the website is encrypted with an SSL certificate by looking for the padlock icon or “HTTPS” in the address bar 
  • Use comprehensive security software, such as Norton Internet Security or Norton 360, to be protected from phishing and social networking scams
  • Exercise caution when clicking on enticing links sent through emails or posted on social networks