Fraudsters Running a Classified Ad Campaign | Symantec Connect Community

Created: 16 Mar 2010
Mathew Maniyara

Symantec has recently observed a trend of phishing sites attacking brands that feature online classifieds. The legitimate classifieds brands help customers seek and exchange information on various categories such as employment, real estate, automotive, matrimonial, and so on. These brands are typically free of cost: they only require users to open a free account and do not include any form of monetary transaction. So, why are fraudsters attacking the brand when there is no financial transaction taking place?

Well, after stealing the user’s login information, the attacker then looks at the list of the user’s postings. Upon studying the categories of advertisements the user has been through, the attacker can send targeted phishing emails. This is all possible because the stolen login information consists of both the user’s email ID and password, rather than just a unique user ID.

The phishing emails are sent with several subjects; for example, the organization wants to confirm the user’s identity so as to place a customer’s order, or to transfer funds to make a purchase. To better target their attacks on customers, fraudsters are taking advantage of the fact that online classified advertisements often have too many categories to choose from. Also, these brands deal with millions of customers and have billions of page visits a month, all of which provides attackers with a large pool of potential victims.

A significant number of phishing websites was observed in the last couple of months. Attackers utilized several techniques in creating the phishing sites, such as using free Web-hosting sites or automated toolkits. Some noteworthy statistics on the attacks on classified advertising brands are:

1.    The use of IP-based domains made up 4% of the attacks.
2.    More than 8% of the phishing sites were created using free Web-hosting sites.
3.    Typosquatting on the brand’s domain name accounted for 8% of the attacks.
4.    About 19% of URLs were generated using automated toolkits; the remainder consisted of unique domains.

Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams:

•    Do not click on suspicious links in emails.
•    Check the URL of the website and make sure that it belongs to the brand.
•    Type the domain name of your brand directly into your browser rather than following any link.
•    Frequently update your security software, such as Norton Internet Security 2010, which protects you from online phishing.
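The URL check in the tips above, and the hosting categories from the statistics list, can be expressed as a small triage function. This is an added example, not code from the original article or from Symantec; the brand domain, the free-hosting suffixes and the edit-distance threshold are hypothetical placeholders.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical placeholders and constructed sample URLs; none come from the article.
BRAND_DOMAIN = "classifieds.example"
FREE_HOSTING_SUFFIXES = ("freehost.example", "freesites.example")
TYPO_MAX_DISTANCE = 2  # edits allowed before a name stops counting as a typo
SAMPLES = ("http://192.0.2.10/login", "http://www.clasifieds.example/signin",
           "http://classifieds.example@192.0.2.10/")


def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_under(host, domain):
    return host == domain or host.endswith("." + domain)


def classify(url):
    """Map a URL to one of the hosting categories listed in the article."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return "invalid"  # no scheme or no host to inspect
    try:
        ipaddress.ip_address(host)
        return "ip-based"
    except ValueError:
        pass
    if is_under(host, BRAND_DOMAIN):
        return "brand"
    if any(is_under(host, s) for s in FREE_HOSTING_SUFFIXES):
        return "free-hosting"
    # Naive registrable domain (last two labels); a Public Suffix List is more exact
    candidate = ".".join(host.split(".")[-2:])
    if 0 < edit_distance(candidate, BRAND_DOMAIN) <= TYPO_MAX_DISTANCE:
        return "typosquat"
    return "other"


if __name__ == "__main__":
    print({u: classify(u) for u in SAMPLES})
```

Because `urlsplit(...).hostname` discards any `user@` prefix, a URL that shows the brand name before an `@` is judged by the host it actually connects to. A brand name used only as a subdomain of an unrelated domain is likewise not treated as belonging to the brand.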

------------------

Note: My thanks to Rohan Shah for contributed content.