Thursday, July 28, 2011

Phishing Brazilian Brands

Symantec keeps track of the brands targeted by phishing and monitors trends in the countries in which each brand's parent company is based. Over the past couple of months, phishing sites have increasingly targeted Brazilian brands. In May and June, phishing sites spoofing Brazilian brands made up about 5 percent of all phishing sites, nearly three times the share seen in the previous month. The phishing Web pages were written in Brazilian Portuguese, and the brand targeted most often was a social networking site.
 
Below are some noteworthy statistics on the trend observed:
 
  • The majority of the phishing sites on Brazilian brands, approximately 58 percent, were hosted on a bare IP address rather than a registered domain name (e.g., hxxp://255.255.255.255).
  • Twelve Web-hosting sites were used to host 4 percent of the phishing sites on Brazilian brands.
  • Several banks were attacked, and the banking sector made up about 39 percent of the brands targeted. Phishing in the social networking sector primarily targeted a single brand and comprised 61 percent of the total. The remaining phishing sites (approximately 0.5 percent) spoofed an airline brand.
  • Approximately 64 percent of the phishing sites were created using automated phishing toolkits. The remaining 36 percent were unique URLs.
 
Since the majority of the phishing attacks came from automated toolkits, we understand that phishers are trying to reach more Internet users in Brazil. With these toolkits, phishers can create phishing sites in large numbers by randomizing URLs. Below are two randomized URLs produced by the toolkits:
 
  • hxxp://***.***.***.***/~namo/login011/?accounts/ServiceLogin?  [IP removed]
  • hxxp://***.***.***.***/~namo/login008/?accounts/ServiceLogin? [IP removed]
Figure 1: Domain names used in phishing sites of Brazilian brands
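To turn the two toolkit URLs above into something a defender can use, here is an added example (not Symantec's code, and not code from any phishing kit) that classifies a feed of defanged URLs: it flags IP-literal hosts, recognizes the `/~user/loginNNN/` path shape, and collapses the randomized counter so sibling URLs cluster into one campaign family. The sample feed, the RFC 5737 addresses, the `free-host.example` host and the user name `rk` are constructed; only `namo` and the `login0NN` counter come from the post.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Path shape of the two toolkit URLs quoted in the post: "/~<user>/login<NNN>/".
# "namo" is from the post; accepting any user name here is an assumption.
TOOLKIT_PATH = re.compile(r"^/~(?P<user>[\w-]+)/login(?P<seq>\d{3})/$")


def analyze_url(url):
    """Classify one defanged (hxxp://) URL: IP-literal host? toolkit-shaped path?"""
    normalized = url.strip().replace("hxxp://", "http://").replace("hxxps://", "https://")
    parts = urlsplit(normalized)
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)
        ip_host = True
    except ValueError:
        ip_host = False
    match = TOOLKIT_PATH.match(parts.path)
    # Drop the three-digit counter so login008 and login011 on one host fall into
    # the same campaign family.
    family = f"{host}/~{match['user']}/loginNNN/" if match else None
    return {"host": host, "ip_host": ip_host, "toolkit": match is not None, "family": family}


def summarize(urls):
    """Percentages of IP-hosted and toolkit URLs plus the size of each toolkit family."""
    results = [analyze_url(u) for u in urls]
    total = len(results)
    families = Counter(r["family"] for r in results if r["family"])
    return {
        "total": total,
        "ip_host_pct": round(100 * sum(r["ip_host"] for r in results) / total, 1),
        "toolkit_pct": round(100 * sum(r["toolkit"] for r in results) / total, 1),
        "families": dict(families),
    }


# Constructed sample feed; the IP hosts are RFC 5737 documentation addresses.
SAMPLE_URLS = [
    "hxxp://192.0.2.10/~namo/login011/?accounts/ServiceLogin?",
    "hxxp://192.0.2.10/~namo/login008/?accounts/ServiceLogin?",
    "hxxp://192.0.2.10/~namo/login017/?accounts/ServiceLogin?",
    "hxxp://203.0.113.5/~rk/login002/?accounts/ServiceLogin?",
    "hxxp://free-host.example/user42/banco/index.html",
    "hxxp://198.51.100.7/seguro/login.php",
]
```

Running `summarize(SAMPLE_URLS)` on the constructed feed reports 83.3 percent IP-hosted and 66.7 percent toolkit-shaped URLs, with the three `namo` URLs collapsing into a single family.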
 
Internet users are advised to follow best practices to avoid phishing attacks:
  • Do not click on suspicious links in email messages;
  • Avoid providing any personal information when answering an email;
  • Never enter personal information in a pop-up page or screen;
  • Frequently update your security software, such as Norton Internet Security 2011, which protects you from online phishing.
By: Mathew Maniyara