In the past couple of months, pornography has been used as bait in several phishing websites. In particular, phishers used fake images of the Indian film star Katrina Kaif on a phishing site that spoofed a social networking brand. The images were modified to increase their pornographic appeal. Katrina Kaif is one of the most popular actresses in Indian cinema today. Recently, the actress has been in the news because of the circulation of a fake adult video on the Internet. The video, claiming to be of the actress, actually features a look-a-like. The title of the phishing site displayed “Katrina Kaif’s XXX Tape,” giving the impression that the video in question was available for viewing. The scam attempts to dupe users into thinking that they can view or download the (bogus) video if they enter their login details for the legitimate social networking site. Of course, once a user enters login details, the phishers will have succeeded in harvesting them for future attacks. Evidently, phishers have chosen the actress to create the phishing page because of her huge fan following and also because of the recent news about the XXX video clip. As with most cases of phishing linked to pornography, the phishing site included altered content to help it look more like an adult social networking site, and the site claimed that certain features involving adult content were available. However, it is important to bear in mind that the legitimate social networking site being spoofed in this case is not involved with any form of pornography or adult sex chat. Some of the features mentioned were: • Having friendship with porn stars and participating in instant messaging with them. • Searching for profiles of prostitutes from friends of friends and communities. • Viewing pornography that includes porn videos and adult photographs. The phishing site was hosted on a free Web-hosting site. The phishing URLs gave the distinct impression that the content was linked to pornography. Some examples are: hxxp://my-s3x-v1ds.******.com/ [Domain name removed] hxxp://xxxx-xxxxxx-account-acekdckaek3kk.******.com/ [Domain name removed] hxxp://sexy-monika. ******.com/ [Domain name removed] For more information on pornography in phishing, please refer to “Pornography Used As Bait In Social Networking Fraud” and “Phishing Using Pornographic Content as Bait.” Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams: • Do not click on suspicious links in email messages. • Check the URL of the website and make sure that it belongs to the brand. • Type the domain name of your brand’s website directly into your browser’s address bar rather than following any link. • Frequently update your security software, such as Norton Internet Security 2010, which protects you from online phishing. --------------------------------------------- Note: My thanks to the co-author of this blog, Ashish Diwakar.