Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

Phishers serve up Paolo Bediones sex video, steal Facebook user logins

A fake Facebook website is behind a phishing campaign offering up the sex scandal video of Filipino TV host Paolo Bediones.
Created: 19 Aug 2014 23:33:39 GMT • Updated: 22 Aug 2014 00:02:44 GMT
Avdhoot Patil's picture
+1 1 Vote
Login to vote

Phishers are known for capitalizing on current events and using them in their phishing campaigns. Celebrity scandals are popular and Symantec recently observed a phishing attack on the Facebook platform that claimed to have the sex tape of well-known Filipino television host and news anchor Paolo Bediones. Paolo Bediones became a hot topic last month when an adult video featuring a person resembling this TV host appeared online.

Symantec discovered a fake Facebook site behind a campaign that offered the "sex scandal" video of Paolo Bediones.


Figure. Phishing site requests user login, then steals credentials

A message on the phishing site requests users to login to watch the full sex video. If users enter their Facebook login credentials, the phishing page steals the username and password then redirects to an adult website which hosts the promised video. By redirecting users to this adult website, users are less likely to be aware that they have been scammed and may believe their login was valid.

This phishing site is hosted using free hosting and targets Filipino Facebook users. Symantec has notified Facebook and they are investigating.

Symantec advises all users to follow these best practices to avoid becoming victims of phishing attacks:

  • Check the URL in the address bar when logging into your account to make sure it belongs to the website you wish to visit
  • Do not click on suspicious links in email messages
  • Do not provide any personal information when replying to emails
  • Do not enter personal information in a pop-up page or window
  • When entering personal or financial information, ensure that the website is encrypted with an SSL certificate by looking for the padlock icon or “HTTPS” in the address bar 
  • Use comprehensive security software, such as Norton Internet Security, to be protected from phishing and social networking scams
  • Exercise caution when clicking on enticing links sent through emails or posted on social networks