Phishers continuously improve their techniques to be able to harvest the greatest volume of users’ sensitive information.
The latest discovery was made by security experts at Symantec, who observed a phishing campaign, dubbed “WHO IS GREAT BOYS OR GIRLS?”, based on a bogus voting website that collects user data by asking visitors to decide whether boys or girls are greater.
The page, hosted on a free Web hosting site, presents the results as bar charts reporting the voting ratio over a time interval of four years, a social engineering trick to increase the page's reputation.
“The phishers used the following phishing URL, and a subdomain to indicate that it is an application:”
The technique implemented by the phishers is as simple as it is efficient: the first phishing page contains a button to start the voting operation, and once the victim clicks it, the page displays a pop-up window that requests the user’s login ID and password.
The pop-up also contains radio buttons to express a preference between female and male. Once the choice is submitted, the page redirects the victim to an acknowledgement page that confirms his or her voting information.
I decided to present this apparently simple technique because it is very insidious and widely adopted by phishers. With a similar trick, cyber criminals are able to steal victims’ credentials and obtain full control of their digital world.
Symantec provided a series of useful suggestions to avoid becoming victims of phishing attacks:
Be aware, phishers always count on the surprise effect.
(Security Affairs – Voting campaign, Facebook)