Here’s a rather cheeky phish for Star Wars: The Old Republic that really wants to get to know you better.
The site uses elements from the real thing, and the login page is almost identical, save for the fact that the genuine login screen says “Email address or trial account display name” – the fake misses the trial account reference altogether.
Attempting to log in brings up the following “Verification check”:
“Being online can be fun, sociable and inspiring. However, we found that your account has unusual activity. To help you enjoy the time you spend online at our sites and using our services, you need to confirm your security answer”.
The end-user is then asked to select a “secret question” from a drop-down and enter the answer before hitting the “Check it” button. There’s a lot to choose from:
Unfortunately the scammers want quite a bit more out of the victim than one secret question answer. The next screen the end-user will see is this:
Yes, they want a backup answer, because one secret question just isn’t enough. As before, the end-user will pick one from the drop-down menu and continue. We’re not out of the phishing expedition woods yet though…
That’s three and counting! They couldn’t possibly want more information, could they?
…whoops. I’d be curious to know how many end-users would still be handing over information without any alarm bells ringing at this point, but just to hammer the point home:
Stick a fork in it, he’s done. The phisher wanders off into the night with more secret question answers than they can shake a very large stick at, while the victim is shown the following screen:
“Account Confirmed”. Confirmed for being in for a bad hair day, that is. Given the number of secret question answers handed over, it’s quite possible that the scammers will be able to use some of that stolen data in combination with the entered email address and break into that account too. If that email is used to reset passwords for additional accounts such as social networks, internet banking and blogs, then we might feel a great disturbance in the Force, as if lots of accounts suddenly cried out in terror and were suddenly silenced.
If you’ve found yourself answering one too many security questions lately, it might be a good idea to go change them before some serious damage is done.
Christopher Boyd