Phishing Attack on Popular Indian Job Website

Symantec, an anti-spyware and Internet security protection group, in the last week of March 2010, discovered a phishing website which misused the brand of a renowned Indian job site, as per the news published by ITP.net on April 11, 2010.

Although Symantec does not reveal the name of the targeted website, it can be judged from the screenshot sample that it is Naukri.com, the leading Indian job site.

Experts observed that the phishing page, specially crafted to give a legitimate look, steals login credentials of employers, which are further used to distribute targeted spam e-mails to the employers. These e-mails ask them to pay to upgrade or to continue with their access/ subscription to particular recruitment solutions.

The link provided in the spam e-mail asks the users for their confidential information like credit card and PIN numbers.

Apart from this, the attackers, impersonating as employers, were also spotted to distribute spam to the candidates seeking for a job. These spam e-mails informed them of the bogus job opportunities so as to pull in more innocent users.

Naukri.com, India's no. 1 job website, features jobs for people from employers based around the world. The potential employers include those from the United States, Middle East and Europe, with Info Edge branch offices located in Bahrain, Saudi Arabia and Dubai.

According to Symantec, the growing number of job-seekers in the country has resulted in the launch of phishing attacks on the Indian job sites. Researchers at Symantec also said that this phishing site was developed on the servers situated in the Netherlands, as per the news published by ITP.net on April 11, 2010.

Candidates must be watchful of clicking on suspicious links provided in e-mails. They must ensure that the embedded URL links are of the brand's website only. Also, open e-mail attachments if you're awaiting them, and know their content. Even if the e-mails appear as if they are from known people, they could be the messages from scammers, and could contain information stealing software.

A user must always report about phishing incidences, no matter he is a victim or not. Inform the agency or the company about the impersonating activities of the phisher. The issue can also be filed to law enforcement agencies. This information helps experts to stop identity theft.

Related article: Phishing With A Redirector Code

» SPAMfighter News - 4/21/2010