Co-Author: Avdhoot Patil
Phishing sites with adult content are not uncommon. Phishers have often used adult content as bait in fake social networking applications. In March 2012, a phishing site spoofing a gaming brand claimed to have an adult webcam application. The phishing site was hosted on a free web hosting site and the phishing page was in Italian.
A fake offer was given on the phishing site and an adult webcam image was placed below it. According to the fake offer, the gaming brand had prepared a list of users who were willing to perform nude webcam shows for a small price, even free. The phishing site further claimed that by entering login credentials one could receive through email the names of the users willing to perform and be able to add them to their contact list. The phishing site explained that login credentials were required because the brand decided could not disclose the names of performers outside the network to maintain privacy. To gain the users’ confidence, phishers assured there was no scam involved in this offer and verified each performer did perform nude in the webcam shows. The cost for each performance was set at 1 or 2 credits or free, depending on the performer. After login credentials are entered, the phishing page displays the message: “Incorrect password”. If users fell victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes.
Internet users are advised to follow best practices to avoid phishing attacks:
- Do not click on suspicious links in email messages.
- Avoid providing any personal information when answering an email.
- Never enter personal information in a pop-up page or screen.
- When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar.
- Frequently update your security software (such as Norton Internet Security 2012) which protects you from online phishing.