As the election fever is gripping the nation, scores of political leaders have turned to social media for amassing electoral support. The act has led cyber criminals leverage the situation by using the same community as bait.
Yes, a new report released by security solution firm – Symantec highlights the Phishers are targeting Indian users by using Arvind Kejriwal (leader of the Aam Aadmi Party) as a bait.
The phishing site, titled “Unite With Us Against Corruption”, uses image of the Aam Aadmi Party leader, Kejriwal along with fake Facebook “like” button. The caption to the picture is provided by the leader’s latest Twitter tagline – “Political revolution in India has begun. Bharat jaldi badlega.”
After clicking on the “like” button, users are prompted to enter their Facebook login credentials for liking the Aam Aadmi party page. Upon entering the credentials, the phishing site redirects the user to an acknowledgment page. The Web page then asks the user to click another “like” button.
The email address entered earlier is then displayed on the acknowledgement page. The “like” button is placed beside a fake number that claims to show the amount of likes the party has already gained.
If a user falls victim to the phishing site by entering their personal data, phishers successfully steal his confidential information for identity theft purposes. As such Symantec advises Internet users to follow these best practices to avoid becoming victims of phishing attacks.
- Exercise caution when clicking on enticing links sent through emails or posted on social networks
- Do not click on suspicious links in email messages
- Do not provide any personal information when replying to an email
- Do not enter personal information in a pop-up page or window
- Ensure that the website is encrypted with an SSL certificate by looking for a picture of a padlock image or icon, “https”, or the green address bar when entering personal or financial information
- Use comprehensive security software, such as Norton Internet Security or Norton 360 to protect you from phishing and social networking scams
The phishing site is hosted on servers based in Lansing, Michigan in the US. For more information, visit Symantec blog.