According to Mathew Maniyara, a security researcher with Symantec's Indian cybersecurity centre, last month his team observed a phishing web site masquerading as a well-known software company and claiming to offer associated software products at discounted rates.
“The phishing page highlighted these fake offers as ‘summer offerings’ and stated that customers could save 80% on their purchases. Users were prompted to enter their billing information, personal information, and credit card details to complete their purchases”, he says in his latest security posting.
“The personal information that was requested consisted of the user's email address and phone number. The credit card details that were asked for were the card number, CVV code, and card expiration date. If any users had fallen victim to the phishing site, the phishers would have successfully stolen their confidential information for financial gain”, he adds.
But, Maniyara goes on to say, the lure of fake software isn't the only trick being played on the site, as the pages were hosted on a newly-registered domain name that was indexed on several popular search engines and had a very high page ranking.
Phishers, he explains, achieved the boosted page ranking by using common search keywords for the products within the domain name. For example, the domain would look like ‘common-search-keywords.com’, meaning that, if the user searched for these keywords, the domain name would come up in the results.
But it gets worse, as the Symantec researcher says the pages contained fake trust seals at the bottom of the page.
“A legitimate trust seal is a seal provided to web pages by a third party, typically a software security company, to certify that the website in question is genuine. Clicking on a trust seal will pop up a window provided by the third party, which contains details of the site name and the encryption data used to secure the site”, he notes.
The phishers used fake trust seals that spoofed two major companies and which, when clicked, popped up a window that referenced a fake site. The URL of the fake site used sub-domain randomisation to achieve the required effect.
A quick glance at the URL, says Maniyara, would appear to link the trust seal to an appropriate third party, but if you look at the complete URL, you can see it is a fake site.
“The best practice for identifying a legitimate trust seal is to click on the seal and read the complete URL of the pop-up window. The pop-up window should have a padlock icon, https or a green address bar,” he advises.
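The "read the complete URL" check can be automated. The following is an added example, not code from Symantec or from the article: it tests whether the URL opened by a trust-seal pop-up really belongs to the seal provider, matching the host name from its right-hand end so that a provider name placed in the sub-domain part does not pass. The provider host `seal-provider.example` and all sample URLs are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: the hosts a seal provider documents for its verification pop-ups.
# "seal-provider.example" is a constructed placeholder, not a real vendor.
TRUSTED_SEAL_HOSTS = {"seal-provider.example"}


def check_seal_url(url, trusted=TRUSTED_SEAL_HOSTS):
    """Return (ok, reasons) for the URL that a trust-seal pop-up opens."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased

    if parts.scheme != "https":
        reasons.append("pop-up is not served over https")

    # A genuine host is the trusted domain itself or a sub-domain of it, so the
    # comparison is anchored at the right-hand end of the name.
    anchored = any(host == t or host.endswith("." + t) for t in trusted)
    if not anchored:
        labels = host.split(".")
        for t in trusted:
            t_labels = t.split(".")
            n = len(t_labels)
            # Provider name present, but only as labels inside another domain.
            if any(labels[i:i + n] == t_labels for i in range(len(labels) - n + 1)):
                tail = ".".join(labels[-2:])
                reasons.append(f"'{t}' is only a sub-domain label of a host ending in {tail}")
                break
        else:
            reasons.append(f"host '{host}' is not a trusted seal host")

    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample URLs: two genuine, one randomised sub-domain, one plain http.
    samples = [
        "https://seal-provider.example/verify?site=shop.example",
        "https://verify.seal-provider.example/verify?site=shop.example",
        "https://seal-provider.example.k3x9q.discount-software.example.net/verify",
        "http://seal-provider.example/verify?site=shop.example",
    ]
    for url in samples:
        ok, why = check_seal_url(url)
        print("OK  " if ok else "FAKE", url, "; ".join(why))
```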