Symantec has observed a new trend in phishing in which the phishing Web page contains pornographic content. The phishing site states that the end user can obtain free pornography after logging in or signing up. These offers tempt users into entering their credentials in the hopes of obtaining pornography.
The attackers use several offers of pornography as bait. Some of the offers are adult chat, social networking with adult personals for sexual favors, blogs with free pornography, and so on. The screenshot below is an example of a phishing website using a leading information services brand. The site states that they provide email alerts for sex parties:
In January, new phishing attacks such as the above example continued to be observed abusing legitimate brands. The phishing pages were created using free Web hosting sites. Upon entering login credentials, the site redirects to a pornographic website that then leads to a fake antivirus website containing malicious code. To learn more about the trends involved with fake antivirus software, please refer to Fake Antivirus Scans are so 2009.
Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams:
• Do not click on suspicious links from emails.
• Check the URL of the website and make sure that it belongs to the brand.
• Type the domain name of your brand directly in your browser rather than following any link.
• Frequently update your security software, such as Norton Internet Security 2009, which protects you from online phishing.
Note: My thanks to the co-author of this post, Anand Muralidharan.