Co-Author: Avdhoot Patil
Phishers often choose baits with the motive of reaching out to a large number of end users. In December, 2011, phishers’ choice of bait were songs from the Indian movie "Bodyguard" (starring Salman Khan and Kareena Kapoor). Due to the popularity of the soundtrack, phishers anticipated a large target audience which could improve their chances of harvesting user credentials. This particular phishing site was hosted on a free web hosting site.
The phishing site targeted Facebook and it played a music video from the movie in the bottom left corner of the phishing page. The main content of the phishing page promoted songs as custom graphical "skins" for social networking profiles. The phishing page then encouraged users to enter their social network login credentials, stating that after logging in they could listen to popular songs and enjoy several features. The phishing site also boasted news of being the "Best Song Website In India".
Other fake features promoted on the page include:
Clearly, phishers were looking for every means of duping users. Actually, after login credentials are entered, the phishing page would redirect to a legitimate song application page on Facebook. The strategy behind redirecting to a legitimate and related application page is to create the illusion of a valid login. If users fell victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes.
Here are some links from Facebook and the FTC to help users combat phishing:
We advise internet users to follow best practices to avoid phishing attacks: