Contributor: Avdhoot Patil
Phishers are known for incorporating current events into their phishing sites and never leaving any stone unturned. They are now capitalizing on the civil war in Syria. In December 2012, a phishing site spoofing a popular social networking site claimed to have a torture video of a prisoner in the Syrian prison, State Security Branch Khatib. Phishers compromised a legitimate domain based in the United Arab Emirates to host the phishing site. The phishing pages were in Arabic.
The title of the phishing site translated to “Liberal torture in the State Security Branch Khatib”. The site warned that the video contained scenes of violence and asked users for their permission before proceeding. After permission had been granted, users were prompted to enter their login credentials. The login credentials were allegedly required to confirm that the user was over 18 years of age. After the login credentials had been entered, the same phishing page was reloaded. If users fell victim to the phishing site, phishers would have successfully stolen their information for identity theft.
Figure 1. Video permission request
Figure 2. Login credentials prompt
Internet users are advised to follow best practices to avoid phishing attacks: