14 DAY TRIAL // A website that tries to replicate a popular social network gaming application, hosted on a free webhosting service, was identified as hiding a malicious phishing campaign that targets the credentials of Chinese users, promising an iPad 2 for those who enroll into a contest.
Symantec experts stumbled upon the website that now even has an English variant to make sure the number of victims is higher.
Immediately as the site is loaded, the user is informed that his password is incorrect, requesting him to provide it once more along with his email address, email password and birth date.
The bottom of the page claims that the lucky winner of an iPad 2 or even $50 million (35 million EUR) will be drawn based on the email address, after which it wishes good luck to the participants. Once the details are handed over, the unsuspecting victim is redirected to a legitimate site to make sure the scheme doesn’t raise suspicion.
Unlike the Chinese version, the English site automatically appoints the visitor as the winner of $124 million (86 million EUR) in poker chips. In this scenario, the iPad is offered as a bonus to the millions the user allegedly already won.
“Welcome bonus of your day is all ready to be claimed. Please Login or Register. Thank you for your confirmation,” reads the message on the malicious site.
After the form that requires the credentials is completed, the site claims that the password is incorrect and the victim is required to provide the data once again, the phishers probably wanting to make sure the password they obtain is accurate.
Only after the second attempt, the user is redirected to the legitimate page of the application.
Individuals who are presented with such false prizes are advised to ignore them and close the page before the crooks make away with their data. Those who already fell for the scam are recommended to immediately change the email passwords before the cyber villains do.