New Phishing Scam Targets Hi5 Users

Security firm Sophos warns about a new phishing scam underway, which is attacking people on the social networking site Hi5. The scam involves e-mails that pose as invitations from friends, while the included link directs the user on a phony login page.

J. Legare, malware Analyst at SophosLabs Canada, said that the phishing scam may be an attempt to steal password and login details from genuine Hi5 users along with the data that the same password and login information could unlock, as reported by Softpedia on December 15, 2008.

The security specialists state that a new site user might find it difficult to distinguish the fraudulent e-mails from the real invitations sent by the users of the site.

Evidently, adding someone's address to the friends' list requires user verification; therefore, one might think that the link embedded in the invitation message would open the Hi5 sign-in as well as the registration page within his/her browser. At this point, the phishing scammers hope that the users would not notice the unusual change, as the closely resembling sign-in page is supported on a .vc domain.

Moreover, neither all the web-links displayed on this page function nor does the changed user registration page. However, the form for log-in would accept anything submitted onto it.

In addition, Legare cautions that anyone who has become a victim of the attack must reset all his account log-in passwords such as on MSN, e-mail YouTube etc., and not merely Hi5. According to the research analyst, the phishers is likely to try to access those accounts as well, using the same details.

Moreover, the security specialists said that it is nothing new that ID thieves are using social engineering tricks to get unsuspecting users to give away their personal information. These types of techniques are especially successful when used in social networks, as people visiting them tend to trust new friends and reveal their private information online.

Here, the specialists mentioned that the infamous Koobface virus that inflicted MySpace and Facebook over the months was also successful because it similarly exploited the users' trust in messages arriving from individuals in their buddy list.

Related article: New Zealand Releases Code To Reduce Spam

» SPAMfighter News - 12/20/2008