14 DAY TRIAL // The image and reputation of popular singers is being used by phishers to promote their latest malevolent campaigns in which they rely on naivety to steal credentials.
Symantec's blog reveals the latest such operation that uses pictures of Selena Gomez and Demi Lovato to attract unsuspecting internauts into supplying credentials in return for alleged chat opportunities and other media content related to the celebrities.
A highly popular information services website is replicated promising visitors additional information on the stars once they log in. After accessing the account, a poorly designed webpage appears allegedly allowing the victim of the phish to chat, view images and listen to music.
Unfortunately, at this point it's too late as the credentials were already swooped, giving the cybercrook the opportunity to access your genuine account.
The rogue sites were addressing French speakers and they relied on typosquats to lure users to their domains.
For future references, take in consideration that a website with a good reputation will probably not change the format of its log-in page to promote a celebrity so pages that contain only a picture of someone, a username and a password form should be treated with maximum suspicion.
In order to avoid phishing attacks, also follow these advices:
- never click on suspicious links in email messages and watch out for the latest shortened URLs; - unless absolutely necessary, don't provide any personal information when replying to an email; - pop-up pages should be avoided as in many cases they take off with your credentials; - install an anti-virus software and make sure its database is up to date; - when supplying personal data, especially financial data, make sure the current page is encrypted with an SSL certificate, which even if it's not foolproof, it's a sign that the website is probably trusted.