Phishers up their game

An unusually well crafted phishing site posing as the site of a well-known software company has been recently spotted by Symantec.

Pushing software products at extremely discounted rates due to a “summer sale”, the page requested the customer to enter a slew of personal (name, address, email address, phone or cell phone number) and financial information (credit card number, CVV code and expiration date) in order to effect the purchase.

But, what makes this phishing attempt different from others is the fact that the phishers ran the extra mile in order to attract as many victims as possible.

Not only have they used a newly registered domain name for the site, but they formulated it in such a way as to contain the common search keywords for the products. This way, when a user searches for those keywords through a search engine, increasing the chances for this particular site to pop up among the top results.

But, there’s more. Thinking that a trust seal would be the perfect final touch for lending credibility to the page, the phishers put fake ones that spoofed two major companies on it.

When clicked, a window would pop up and reference a fake site. The URL of the fake site would, at first glance, seem like the trust seal is linked to an appropriate third party that certifies it. But, the URL should also contain a padlock icon, “https’, or a green address bar – and this one doesn’t.

All in all, it is definitely a good try by the phishers. Let’s hope that this means that users are finally starting to learn about phishing sites and are increasingly more successful at detecting the badly designed ones.




Share this