Great, One More Friend… Or So You Think.

Today, I’ve encountered a phishing spam campaign that could affect members of the social network. Messages of that campaign present a fake friend request to the recipients and invite them to enter their credentials on a fake replica of the official login portal.

This phishing campaign could be an attempt to steal login and password information from legitimate users, as well as all the information that this login and password can unlock.

The malicious email messages that are sent out look like the following:

A fake request from a fake friend. The name varies from one message to another.

They resemble closely a legitimate invitation from, except for the fact that the “Accept Friend” link leads to a web page hosted under the .vc top level domain (TLD), rather than the usual

The sign-in webform on the .vc page will just accept, and probably store, usernames and passwords that are entered — so please don’t submit your information.

The Fake hi5 portal.
The malicious hi5 portal under the .vc domain looks legitimate at first sight. The links at the bottom however are broken, and the sign-in form on the right will accept any bogus information that you feed it.

If you unfortunately read this post too late, I suggest you change your password on your hi5 profile as soon as possible. You should do the same for all the other websites where you may have used the same password (e.g. email account, msn account, youtube, etc.), as the phishmongers will likely attempt to log in those sites as well with the same user info.