Contributor: Avdhoot Patil
Celebrity scandals are always popular and phishers are keen on incorporating them into their phishing sites. Recently, we observed a phishing site featuring British singer and actress Rita Ora. The phishing site was hosted on a free Web hosting site.
The phishing site prompted for Facebook login credentials that called the video a “social plugin”. The phishing page contained an image of a fake YouTube video of Rita in the background. The title of the video in question described it as an adult video of Rita Ora. A recent event involving an accidental exposure of Rita instigated phishers into devising this bait. The phishing site gave the impression that users could view the video shown in the background when login credentials are entered. In reality, after login credentials are entered, users are redirected to a legitimate site containing adult images of Rita Ora. The purpose of redirecting users to a site containing images of the video is to convince them that the login was valid and so avoid suspicion. If users fall victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes.
Internet users are advised to follow best practices to avoid phishing attacks: