Symantec on a fake voting campaign used to steal Facebook credentials

Pierluigi Paganini April 08, 2014

Security experts at Symantec observed a new phishing campaign based on a fake voting application used to steal victim’s credentials.

Phishing is a very dangerous threat for Internet users: alongside the classic techniques, new forms of phishing are exploiting new platforms such as mobile devices and social networks.

Phishers continuously improve their techniques to be able to harvest the greatest volume of users’ sensitive information.

The latest discovery was made by the security experts at Symantec, who observed a phishing campaign, dubbed “WHO IS GREAT BOYS OR GIRLS?”, based on a bogus voting website that collects user data by asking visitors to decide whether boys or girls are greater.

The page, hosted on a free Web hosting site, presents the results as bar charts showing the voting ratio over a four-year interval, a social engineering trick used to make the page look more reputable.

“The phishers used the following phishing URL, and a subdomain to indicate that it is an application:”

http://smartapps.[DOMAIN NAME].com

The technique implemented by the phishers is as simple as it is effective: the first phishing page contains a button to start the voting operation, and once the victim clicks it the page displays a pop-up window that requests the user’s login ID and password:

[Image: Facebook phishing campaign voting 2]

The pop-up also contains radio buttons to express a preference for female or male; once the choice is submitted, the page redirects the victim to an acknowledgement page confirming his or her vote.

I decided to present this apparently simple technique because it is very insidious and widely adopted by phishers: with a similar trick cyber criminals are able to steal victims’ credentials and obtain full control of their digital lives.

Symantec provided a series of useful suggestions to avoid becoming victims of phishing attacks:

  • Check the URL in the address bar when logging into your account to make sure it belongs to the website that you want to visit
  • Do not click on suspicious links in email messages
  • Do not provide any personal information when replying emails
  • Do not enter personal information in a pop-up page or window
  • Ensure that the website is encrypted with an SSL certificate by looking for the padlock image/icon, “HTTPS”, or the green address bar when entering personal or financial information
  • Exercise caution when clicking on enticing links sent through emails or posted on social networks
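The first and fifth suggestions above (check that the address bar really belongs to the site you mean to log into, and that the connection is HTTPS) can be turned into a mechanical check. The following is an added example written for this article, not code from Symantec or from the campaign; the allow-list of login hostnames, the brand label and the sample URLs are all assumptions constructed for illustration. It parses a URL with the standard library, accepts it only when the scheme is HTTPS and the hostname is exactly one of the expected login hosts, and explains the common tricks it rejects, such as a credential-harvesting page on an unrelated free-hosting subdomain or a brand name embedded in a look-alike hostname.

```python
from urllib.parse import urlsplit

# Constructed allow-list: hostnames on which the genuine login form is
# expected. These values are assumptions for the example, not data from
# the article.
EXPECTED_LOGIN_HOSTS = {"www.facebook.com", "m.facebook.com", "facebook.com"}

# Brand labels whose presence in an *unexpected* hostname is suspicious.
BRAND_LABELS = {"facebook"}


def check_login_url(url, expected_hosts=EXPECTED_LOGIN_HOSTS,
                    brand_labels=BRAND_LABELS):
    """Return (ok, reason).

    ok is True only when the URL uses HTTPS and its hostname matches one of
    expected_hosts exactly. Everything else is rejected with a reason that a
    user or a log reviewer can act on.
    """
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"

    # urlsplit lowercases the hostname and strips any userinfo/port for us.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no hostname in URL"

    if parts.scheme != "https":
        return False, f"scheme is {parts.scheme!r}, not https"

    # "https://facebook.com@example.com/" shows a brand before the '@' but
    # the browser connects to example.com; treat any userinfo as suspicious.
    if "@" in parts.netloc:
        return False, "userinfo before hostname (possible look-alike URL)"

    if host in expected_hosts:
        return True, "hostname matches an expected login host"

    # A brand name hidden inside another domain, e.g. www.facebook.com.example.com
    for label in brand_labels:
        if label in host.split("."):
            return False, (f"brand label {label!r} embedded in unexpected "
                           f"hostname {host!r}")

    return False, f"hostname {host!r} is not an expected login host"


if __name__ == "__main__":
    # Constructed sample URLs; the free-hosting one mirrors the shape of the
    # phishing URL quoted in the article with a placeholder domain.
    samples = [
        "https://www.facebook.com/login",
        "http://smartapps.example.com/vote",
        "https://www.facebook.com.example.com/login",
        "https://facebook.com@example.com/",
    ]
    for sample in samples:
        ok, reason = check_login_url(sample)
        print(f"{'OK  ' if ok else 'WARN'} {sample} -> {reason}")
```

The check is deliberately an exact-match allow-list rather than a suffix match: a look-alike such as `www.facebook.com.example.com` ends with the brand but is not under the brand's domain, and a pop-up served from a free-hosting subdomain will never be on the list no matter how convincing the page looks.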

Be aware, phishers always count on the surprise effect.

Pierluigi Paganini

(Security Affairs – Voting campaign, Facebook)
