Have you ever accessed faceboook.com? At a glance, you may mistake this domain for the most popular social networking site, Facebook.com. On a closer look, however, you will see the difference: “book” has been replaced by “boook”. Hackers have been using this fake domain to fool users. Since Facebook has a huge number of users, the probability of someone mis-typing the address is quite high.
Upon mis-typing the address and accessing the fake domain “faceboook.com”, users are redirected to another website with a Facebook-styled interface.
Figure 1: The browser redirects users to another website when they mistakenly access faceboook.com
Based on users’ IP addresses, the hackers are able to identify which country each user is in and redirect them to a website in the corresponding language. This shows the bad guys’ effort to develop a phishing network across many nations.
The bad guys have created quite an attractive scenario: you have been selected to take part in a celebration and have a chance to get one of three gifts, namely an iPhone 4, a Macbook Air or an iPad.
Figure 2: The browser redirects users to another site when they mistakenly access gmial.com
However, to get this gift, you have to answer some questions and send a message to a switchboard number provided by the hackers, which of course is not free. As a result, you will lose an amount from your phone account.
Figure 3: Instructions for sending the message
As far as I can see, hackers have registered a lot of domains faking popular websites to serve this campaign, such as:
| Fake domain | Genuine domain |
| --- | --- |
| Faceboook.com | Facebook.com |
| Twittter.com | Twitter.com |
| Yooutube.com | Youtube.com |
| Gmial.com | Gmail.com |
If you happen to know any more fake domains like these, please report them to us.
Due to the campaign’s large scale, quite a large number of people have mis-typed a domain name and been redirected to the phishing site.
Figure 4: A week after domain registration, traffic rank of phishing site reached an alarming figure (source: Alexa.com)
To avoid falling victim to the bad guys’ traps, users are recommended to verify the domain they typed if the content displayed is different from what they usually see on the site.
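The same check can be run automatically over hostnames seen in proxy or DNS logs. The Python sketch below is an added example, not part of the original article: it flags names that are one typing slip away from the genuine domains in the table, and it goes beyond the two patterns shown there (a repeated letter, two swapped letters) to cover a missing, extra or wrong letter as well. The function names and the sample hostnames are assumptions made for the illustration.

```python
# Added example: flag hostnames that are one typing slip away from a genuine domain.
GENUINE = ["facebook.com", "twitter.com", "youtube.com", "gmail.com"]  # from the table above

def classify_slip(candidate, genuine):
    """Return the kind of single typing slip that turns genuine into candidate, or None."""
    c, g = candidate.lower(), genuine.lower()
    if c == g:
        return None
    if len(c) == len(g) + 1:                      # one character too many
        for i in range(len(c)):
            if c[:i] + c[i + 1:] == g:
                doubled = (i > 0 and c[i] == c[i - 1]) or (i + 1 < len(c) and c[i] == c[i + 1])
                return "repeated letter" if doubled else "extra letter"
    elif len(c) == len(g) - 1:                    # one character missing
        if any(g[:i] + g[i + 1:] == c for i in range(len(g))):
            return "missing letter"
    elif len(c) == len(g):
        diff = [i for i in range(len(c)) if c[i] != g[i]]
        if len(diff) == 1:
            return "wrong letter"
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and c[diff[0]] == g[diff[1]] and c[diff[1]] == g[diff[0]]):
            return "swapped letters"
    return None

def find_lookalikes(observed, genuine=GENUINE):
    """Return (hostname, genuine domain, slip kind) for every lookalike in observed."""
    hits = []
    for host in observed:
        name = host.lower().rstrip(".")
        if name.startswith("www."):               # compare the domain itself, not the www label
            name = name[4:]
        for g in genuine:
            kind = classify_slip(name, g)
            if kind:
                hits.append((host, g, kind))
    return hits

# Constructed sample of hostnames, as they might appear in a proxy or DNS log.
SAMPLE = ["facebook.com", "www.faceboook.com", "Twittter.com",
          "yooutube.com", "gmial.com", "example.org"]

if __name__ == "__main__":
    for host, real, kind in find_lookalikes(SAMPLE):
        print(f"{host}: looks like {real} ({kind})")
```

The genuine domains themselves and unrelated names such as example.org produce no hit, so the output lists only the four lookalikes in the sample.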