Contributor: Avdhoot Patil
Phishers have continued to focus on social networking sites as a platform for their phishing activities. Symantec is familiar with various phishing campaigns related to social networking. Celebrity promotions, fake applications, airtime recharges, and grand prizes are often used as phishing bait. In a recent example, phishers used the Turkish Police Force as bait in a phishing attack targeting Turkish Facebook users. The phishing site was hosted on a free Web hosting site.
Figure. Phishing site designed to look like an official Turkish Police Web page
The phishing site was in Turkish and stated that it was owned by the General Directorate of Security, Turkey. The phishing page further stated that the Turkish Police had recently observed Facebook account information being stolen and had therefore developed a website to combat the theft of Facebook information. The phishing page also stated that, according to the Turkish criminal code, users need to fill in their information correctly. According to the page, once login credentials are entered, a request will be sent to the police to protect the user’s account.
The phishing page contained the name and address of the main branch of the Turkish Police Force located in Ankara. The message was allegedly from the Turkish police security system but, ironically, the phishing site was created to steal user credentials. After a user enters credentials, the phishing page redirects to a legitimate Facebook site.
If users fall victim to this phishing scam by entering their login credentials, the scammers successfully steal their information.
Internet users are advised to follow best practices to avoid phishing attacks: