Symantec has observed that most phishing URLs associated with Chinese brands attempt to trick users by stating that they are winners of a great prize. The fake websites declare that the visitors are winners for reasons such as:
1. Customers of the brand were chosen for a lucky draw and that the customer won the draw.
2. The brand wishes to thank the customer for their long time commitment by gifting them prizes.
3. The customer has triumphed in a gaming site of the brand, attaining the highest score.
The phishing site goes on to state that the customer needs to submit confidential information to receive the prize, either to prove his or her identity or for the transfer of the prize money to the customer’s bank account. The following image is an example of a Chinese phishing page for a gaming website. The page says that the customer needs to enter details to prove his or her identity so as to...
Symantec has observed a sudden rise in phishing on Indian brands recently. The number of phishing URLs on Indian brands in the first two weeks of August was nearly 2% of all phishing attacks. In the past, the usual average was typically 0.5%. This means that the rise has grown four fold in just two weeks.
The geo-location of each phishing site was examined and it was observed that none were in India. But, it is likely that at least some of the phishers involved are in India since the confidential data stolen can be used for specific Indian needs. For instance, there are several websites dedicated to the purchasing of Indian goods and articles, which accept net banking payments only from a given list of Indian bank accounts. Hence, the attackers may be employing every means of masking their location by creating their website elsewhere and not on Indian servers.
There were five brands targeted that were all in the banking sector for the given time period. Among...
What is an IDN? IDN stands for “internationalized domain name.” These are the domain names that contain one or more characters that do not belong to a Latin-based western language (or characters that are not available in the ASCII character set).
Domain Name System or DNS (a naming system that links domain names to IP addresses) has the technical support for these IDNs, but many applications such as Web browsers, email services, etc. are not yet able to support them. Such compatibility issues arising from IDNs necessitated a conversion from an international character to a suitable ASCII character. The conversion is achieved by the use of certain algorithms that converts these characters into a code called Punycode. A Punycode contains ASCII characters prefixed with the string “xn—.”
The following is an example for a Chinese domain converted to its Punycode:
