Great, One More Friend... Or So You Think.

Filed Under: Phishing, SophosLabs, Spam

Today, I've encountered a phishing spam campaign that could affect members of the hi5.com social network. Messages of that campaign present a fake hi5.com friend request to the recipients and invite them to enter their credentials on a fake replica of the official http://hi5.com login portal.

This phishing campaign could be an attempt to steal login and password information from legitimate hi5.com users, as well as all the information that this login and password can unlock.

The malicious email messages that are sent out look like the following:

A fake request from a fake friend. The name varies from one message to another.

They resemble closely a legitimate invitation from hi5.com, except for the fact that the "Accept Friend" link leads to a web page hosted under the .vc top level domain (TLD), rather than the usual hi5.com.

The sign-in webform on the .vc page will just accept, and probably store, usernames and passwords that are entered -- so please don't submit your information.

The Fake hi5 portal.

The malicious hi5 portal under the .vc domain looks legitimate at first sight. The links at the bottom however are broken, and the sign-in form on the right will accept any bogus information that you feed it.

If you unfortunately read this post too late, I suggest you change your password on your hi5 profile as soon as possible. You should do the same for all the other websites where you may have used the same password (e.g. email account, msn account, youtube, etc.), as the phishmongers will likely attempt to log in those sites as well with the same user info.

, , , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s