In October 2010, a phishing site targeting a bank was observed using fake offers of mobile phone airtime as bait. A similar trend was reported earlier in phishing against a social networking site. To read more on the trend, please refer to “Fraudsters Offering Free Mobile Phone Airtime”.
In this particular attack, the phishing site spoofed the login page of a popular Italian bank. Upon entering the login credentials, the phishing page requested that the customer choose from a list of four mobile service providers. After the service provider was selected, the page requested the customer’s mobile phone number and the amount of airtime to recharge. The phishing page claimed that 40 Euros would be given as a bonus in addition to the amount selected for recharge. This fake offer of a bonus is the bait used by fraudsters in the hopes of tempting customers to give away their sensitive information.
Finally, the phishing page displayed a summary of the data provided by the customer. The phishing page further requested a password of the customer’s mobile device in order to complete the transaction. After the password was entered, a message was displayed stating that the recharge would be delivered within 24 hours. The customer was then redirected to the legitimate bank’s website. Fraudsters are yet again looking for means by which they can steal banking credentials for financial gain.
The phishing site was hosted on servers based in the USA. The domain name of the phishing site was a typosquat of the bank’s domain, so customers may have reached the phishing site through typographical errors made while typing the legitimate website address.
Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams:
• Do not click on suspicious links in email messages.
• Check the URL of a Web site and make sure that it belongs to the brand.
• Type the domain name of your brand’s Web site directly into your browser’s address bar rather than following any link.
• Frequently update your security software, such as Norton Internet Security 2011, which protects you from online phishing.
Thank you to the co-author of the blog, Avdhoot Patil.