Internet users are becoming more aware of the dangers lurking behind the screens of their computer and that's why phishers are turning up the notch with new methods of luring unsuspecting people into their nets.
The latest “phishing expedition” was observed by Symantec and described in detail on their official blog.
The malicious site was masked as a software company that offered considerable discounts on their products. Users were then lead to a page where they would be required to give out all their personal information, including credit card details, which would later be used to gain control of the person's financial records.
Many people were drawn to the page by the up to 80% savings they could make on the website's main page.
You might think that all phishers use this tactic to attract unknowing victims, but this is where things become interesting. The page containing the offers was hosted on a newly registered domain which ranked high in most of the popular search engines. This was achieved by using keywords in the domain name which are very common in related searches.
The worst is yet to come, as the people behind this ill-intended practice managed to make fake trust seals which bought them a whole lot of credibility. End users tend to trust security seals as they normally represent the approval of a third party security company which confirms the legitimacy of the website.
The seals seemed legit because of some sub-domain randomization techniques used by the phishers.
Always remember that the best way to protect yourself against these threats is by being cautious. Also, here is some general advice on how to avoid phishing attacks:
- never click on suspicious links contained in email or instant messages;
- make sure that when you check the security seal of a website, the URL from the seal-proving window is a secure HTTPS address;
- never enter private information in pop-up pages;
- always keep your security software up to date.