Contributor: Avdhoot Patil
It seems that targeting football clubs, football celebrities, and football events has become a habit for phishers. They continue their uncivilized activities and in particular single out football. Now, phishers have set their eyes on the Real Madrid Football Club based in Madrid, Spain. Real Madrid is one of the world’s richest football clubs and has a large fan base.
Figure. Fake Facebook phishing page featuring Real Madrid and Cristiano Ronaldo.
As we can see in the figure, the phishing page asks users to enter Facebook login credentials while the page content is designed to highlight the football club. The phishing page is titled “Facebook Real Madrid Login” and the background contains an image of Cristiano Ronaldo, a Real Madrid player. After login credentials are entered, the phishing page redirects to the legitimate Facebook community page for Real Madrid. The purpose of redirecting to a legitimate page is to create the deception of a valid login. If users fall victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes.
Phishers understand that choosing celebrities and football clubs with a huge fan base offers the largest amount of targets that can increase their chances of harvesting user credentials. In June 2013, the trend continued with phishers using the same strategy.
Internet users are advised to follow best practices to avoid phishing attacks:
- Do not click on suspicious links in email messages.
- Avoid providing any personal information when answering an email.
- Never enter personal information in a pop-up page or screen.
- When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar.
- Use comprehensive security software, such as Norton Internet Security or Norton 360, which protects you from phishing scams and social network scams.
- Exercise caution when clicking on enticing links sent through email or posted on social networks.
- Report fake websites and email (for Facebook, send phishing complaints to firstname.lastname@example.org).