Lucky draw prizes are commonly used as bait in phishing schemes, and in July 2012 phishers offered a smart phone as a lucky draw prize, a Symantec blog post reported recently.
The Symantec report also said that the phishing site, which was hosted on servers located in the USA, spoofed the website of a French telecommunications company by creating a look-alike of it. Users were directed to the phishing site, which stated that a lucky draw takes place every day and that the user had won that day’s prize, a smart phone.
To receive the prize, the “winner” was required to enter personal information including the user’s first name, family name, residential address, telephone number, and email.
If users fell victim to the phishing site, the phishers would have successfully stolen their information for use in identity theft, Symantec added.
Wikipedia defines phishing as an attempt “to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.”
“Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.”
Wikipedia also describes the term “phishing” as a variant of “fishing”, an allusion to “baits”: the baits or lures are attractive but malicious links or attachments which, if pursued, may lead to theft of financial information, passwords and other personal details.
So, how does one avoid being “phished”?
Here are Symantec’s best practices recommendations:
- Do not click on suspicious links in email messages.
- Do not provide any personal information when answering an email.
- Do not enter personal information in a pop-up page or screen.
- Ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar when entering personal or financial information.
- Update your security software frequently to protect against online phishing.
Next time you receive a congratulatory message in your mailbox that you won a smart phone, be smart.
If it smells “fish”, then it must be “phish”. Don’t be lured into following the link.