Symantec put out a report this week revealing that phishers
in the Middle East are using the Syrian conflict as context for their scams.
It’s quite common for phishers to use current events, but I think we can all
agree, this is pretty messed up.
Sadly, just monetizing the conflict isn’t the only bad part
here.
The scam spoofs a Middle Eastern social networking site and
offers victims a torture video of a prisoner in the Syrian prison, State
Security Branch Khatib.
So, in a nutshell, we have scammers taking advantage of a
violent civil war in order to fleece money from snuff seekers. Classy stuff.
The title of the phishing site translated to “Liberal
torture in the State Security Branch Khatib”. The site warned that the video
contained scenes of violence and asked users for their permission before
proceeding. After permission had been granted, users were prompted to enter
their login credentials. The login credentials were allegedly required to
confirm that the user was over 18 years of age. After the login credentials had
been entered, the same phishing page was reloaded. If users fell victim to the
phishing site, phishers would have successfully stolen their information for
identity theft. [Symantec]
Frequently, phishers compromise files on target computers
for their scams, but in this incident, the actual domain was compromised.
One thing that’s important to remember: this kind of scam
relies not on complicated hacking, but human vulnerability. No matter what
security measures you take, if you don’t surf smartly and carefully, this kind
of thing could happen to you.
Symantec provides the following guidelines for staying safe:
- Do not
click on suspicious links in email messages
- Do not
provide any personal information when answering an email
- Do not
enter personal information in a pop-up page or screen
- Ensure
the website is encrypted with an SSL certificate by looking for the
padlock, ‘https’, or the green address bar when entering personal or
financial information
- Update
your security software (such as Norton Internet Security 2012) frequently
which protects you from online phishing
No comments:
Post a Comment