Co-Author: Avdhoot Patil
Lucky draw prizes are commonly used as bait in phishing schemes. The fake lottery prizes observed last Christmas and the charity lottery are examples. In July 2012, phishers offered a smart phone as a lucky draw prize. The phishing site spoofed a telecommunications company based in France and was hosted on servers based in Fulshear, USA.
The phishing site was in French and the title translates to “Congratulations”. A message on the phishing site stated that a lucky draw takes place every day and that the user won the draw for the current day. In this case, the lucky draw prize mentioned was a smart phone. To attain the prize, the user was required to enter personal information, including their:
- User name
- Surname
- Residential address
- Telephone number
To gain the user’s confidence, they were informed that there were no delivery charges and no bank or credit information was required to receive the prize. If users fall victim to the phishing site, phishers would have successfully stolen their information to use for identity theft.
Internet users are advised to follow best practices to avoid phishing attacks:
- Do not click on suspicious links in email messages
- Do not provide any personal information when answering an email
- Do enter personal information in a pop-up page or screen
- Ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar when entering personal or financial information
- Update your security software (such as Norton Internet Security 2012) frequently to protect from online phishing