Former Egyptian Prime Minister Featured in Phishing Attack

Contributor: Avdhoot Patil

Phishers have already shown interest in the violence that erupted recently in various parts of the Arab world. The phishing attack involving Syria is a good example. Phishers are now taking advantage of the political unrest in Egypt as protests in the country continue. In March 2013, phishers promoted former Egyptian Prime Minister Ahmed Shafik in a phishing site. The phishing site was hosted on servers based in North Carolina, USA. The name “Ahmed Shafik” was used in the domain name of the phishing site.

blurred_website_600px.png

Figure 1. Phishing site designed as a fake official website of Ahmed Shafik

The phishing site was designed to look like an official page of the politician. It contained a message in Arabic prompting users to choose from two brands in order to get news and updates of Ahmed Shafik. The brands belonged to social networking and information service sectors respectively. When the logo of either of these two brands is clicked, users are redirected to the phishing sites that pose as the login pages of the respective brands. The contents of the phishing pages were altered to promote the former Prime Minister. If users fell victim to the phishing site by entering their sensitive information, phishers would have successfully stolen their confidential information.

Users are advised to follow best practices to avoid phishing attacks:

  • Do not click on suspicious links in email messages
  • Do not provide any personal information when answering an email
  • Do not enter personal information in a pop-up page or screen
  • Ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar when entering personal or financial information
  • Update your security software (such as Norton Internet Security, which protects you from online phishing) frequently