Phishers frequently introduce bogus applications to add new flavor to their phishing baits. Symantec has observed a scam where phishers were trying to steal login credentials, but the phishing bait was not their only means of data theft. Their ploy also used malware to harvest users’ confidential information. The phishing site spoofed the login page of Facebook and was hosted on a free web hosting site.
The phishing site boasted that the application would enable users to view a list of people who visited their profile page. The site offered two options to activate the fake app. If users fell victim to the phishing site by entering their login credentials, the phishers would have successfully stolen their information for identity theft purposes.
Internet users are advised to follow best practices to avoid phishing attacks:
- Check the URL in the address bar when logging into your account and make sure it belongs to the website that you want to go to
- Do not click on suspicious links in email messages
- Do not provide any personal information when answering an email
- Do not enter personal information in a pop-up page or window
- Ensure that the website is encrypted with an SSL certificate by looking for the padlock image/icon, “https” or the green address bar when entering personal or financial information
- Use comprehensive security software, such as Norton Internet Security or Norton 360, which protects you from phishing scams and social networking scams
- Exercise caution when clicking on enticing links sent through email or posted on social networks
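The first check in the list above, written out as code. This is an added example, not part of the original post: it compares the host in a URL with the site the user expects to log in to. The function name and the sample URLs are constructed for illustration, and the `.example` hosts are placeholders.

```python
from urllib.parse import urlsplit


def check_login_url(url, expected_domain):
    """Return 'ok', or a short reason why the URL should not be trusted
    as a login page for expected_domain (illustrative helper)."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "unparseable URL"
    if parts.scheme != "https":
        return "not https"
    # "https://real-site@other-host/" is served by other-host, not real-site.
    if parts.username is not None or parts.password is not None:
        return "userinfo before host"
    expected = expected_domain.lower().rstrip(".")
    # Accept only the expected domain itself or a true subdomain of it.
    if host == expected or host.endswith("." + expected):
        return "ok"
    # The brand name appears in the host, but the site belongs to someone else.
    if expected in host:
        return "lookalike host"
    return "wrong host"


# Constructed sample URLs; none of them come from the original post.
SAMPLES = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "https://facebook.com.freehost.example/login",
    "https://www.facebook.com@freehost.example/login",
    "https://profile-viewers.freehost.example/facebook",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{check_login_url(sample, 'facebook.com'):22} {sample}")
```

A padlock or "https" alone does not pass this check: the third and fourth samples are encrypted connections to a host that is not the expected site.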