Phishers continuously improve their techniques to be able to harvest the greatest volume of users’ sensitive information.
Last discovery was made by the security experts at Symantec, they observed a phishing campaign, dubbed “WHO IS GREAT BOYS OR GIRLS?”, based on a bogus voting website used to collect user data asking to decide whether boys or girls are greater.
The page, hosted on a free Web hosting site, propose the results in the form of bar charts reporting voting ratio related to a time interval of four years, a social engineering trick to increase reputation for the page.
“The phishers used the following phishing URL, and a subdomain to indicate that it is an application:”
The technique implemented by the phishers is simple as efficient, the first phishing page contains a button to start voting operation, once clicked by the victims the page displays a pop-up window which requests for a user’s login ID and password:
The pop-up also contains radio buttons to express the preference between a female or male, once submitted the choice the page redirects the victim to an acknowledgement page to confirm his or her voting information.
I decided to propose this apparently simple technique because it is very insidious and largely adopted by the phishers, with a similar trick cyber criminals are able to steal victim’s credentials and obtain the full control of their digital world.
Symantec provided a series of useful suggestions to avoid becoming victims of phishing attacks:
Be aware, phishers always count on the surprise effect.
(Security Affairs – Voting campaign, Facebook)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.