Depths Phishermen Go To Catch a Phish
It is common knowledge that phishers [Authors of a phish] attempt to steal sensitive information such as passwords, credit card details etc. by masquerading as a trustworthy entity. Some key elements of a phish are:
- A fake website created by simply ripping content off the original site and pasting them on the spurious one
- A bait which engages potentially attractive terms like “Watch nude girls now”, “You’ve won a million dollars”, “Find what your neighbor is up to “, etc. to attract victims
- Scare mongering by using words like “Account has been suspended”, “Computer found to be infected”, “Severe action will taken” etc.
- Create a YouTube video
Yes, you read that right!! Phishers now go to the depths of creating videos explaining to the potential victim how to execute the phish. Call it a “how-to-guide” to give your secrets away, if you’d like.
The site under discussion http://fbshirts.%5BBlocked%5D, apart from having all the usual elements of a phish also has a video on YouTube instructing users how to give away their Facebook “mobile email address”. This is a personalized email address used to post status updates straight to your profile.
Users who’ve fallen victim to this scam will have a spam message posted on their facebook wall like the one below:
One would like to think that no one would fall victim for such a scam. But the number of hits that this video has received, (80,432 and counting) paints a bleak picture. See image below:
Our usual sentiments about keeping one’s security solutions up-to-date and being vary of giving one’s personal information to unknown sites apply.