It is common knowledge that phishers [Authors of a phish] attempt to steal sensitive information such as passwords, credit card details etc. by masquerading as a trustworthy entity. Some key elements of a phish are:
- A fake website created by simply ripping content off the original site and pasting it on the spurious one
- A bait which uses potentially attractive terms like “Watch nude girls now”, “You’ve won a million dollars”, “Find what your neighbor is up to”, etc. to attract victims
- Scaremongering by using words like “Account has been suspended”, “Computer found to be infected”, “Severe action will be taken”, etc.
- Create a YouTube video
Yes, you read that right!! Phishers now go to the depths of creating videos explaining to the potential victim how to execute the phish. Call it a “how-to-guide” to give your secrets away, if you’d like.
The site under discussion, http://fbshirts.[Blocked], apart from having all the usual elements of a phish, also has a video on YouTube instructing users how to give away their Facebook “mobile email address”. This is a personalized email address used to post status updates straight to your profile.
Users who’ve fallen victim to this scam will have a spam message posted on their Facebook wall like the one below:
One would like to think that no one would fall victim to such a scam. But the number of hits that this video has received (80,432 and counting) paints a bleak picture. See image below:
Our usual sentiments about keeping one’s security solutions up-to-date and being wary of giving one’s personal information to unknown sites apply.
Lokesh Kumar
K7 TCL