Sophos Cloud Optix
Today, I’ve encountered a phishing spam campaign that could affect members of the hi5.com social network. Messages of that campaign present a fake hi5.com friend request to the recipients and invite them to enter their credentials on a fake replica of the official http://hi5.com login portal.
This phishing campaign could be an attempt to steal login and password information from legitimate hi5.com users, as well as all the information that this login and password can unlock.
The malicious email messages that are sent out look like the following:
They resemble closely a legitimate invitation from hi5.com, except for the fact that the “Accept Friend” link leads to a web page hosted under the .vc top level domain (TLD), rather than the usual hi5.com.
The sign-in webform on the .vc page will just accept, and probably store, usernames and passwords that are entered — so please don’t submit your information.
If you unfortunately read this post too late, I suggest you change your password on your hi5 profile as soon as possible. You should do the same for all the other websites where you may have used the same password (e.g. email account, msn account, youtube, etc.), as the phishmongers will likely attempt to log in those sites as well with the same user info.