In the past month, Symantec has observed a fraudulent website spoofing a social networking brand. The phishing website has tried to make an association between a pornographic website and the social networking brand. The legitimate social networking site does not involve itself with any form of pornography or adult sex chat. The pornographic website provides free pornography and offers additional features for paid accounts. The phisher’s motive of associating the two otherwise disparate sites is to trick users into believing that they can view pornography—with all the added features for free—within the social networking website. The phishing website also displayed some adult user profiles as the most popular profiles of the week or month to tempt users to chat with them. These profiles, however, are fake and do not exist on the legitimate social networking site. If fraudsters are successful, the user would have given up his or her login credentials to the phishing website in the hopes of viewing pornography or participating in adult chat. The use of pornography as bait is not new and similar cases have been observed in phishing sites spoofing information services brands. To read more on those trends, please refer to the blog entitled "Phishing Using Pornographic Content as Bait." The phishing website was hosted on a Web-hosting site. Upon entering login information, the Web page redirects to the pornographic site. Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams: • Do not click on suspicious links in email messages. • Check the URL of the website and make sure that it belongs to the brand. • Type the domain name of your brand’s website directly into your browser’s address bar rather than following any link. • Frequently update your security software, such as Norton Internet Security 2010, which protects you from online phishing. ------------------ Note: My thanks to this blog's co-author, Avdhoot Patil.