FYI...Fake Offers with Fake Trust Seals
Sep. 5, 2011 - "... Symantec observed a phishing site that utilized a number of new tricks
. The phishing site masqueraded as a well known software company and claimed to offer associated software products at discounted rates. The phishing page highlighted these fake offers as “summer offerings” and stated that customers could save 80% on their purchases
. Users were prompted to enter their billing information, personal information, and credit card details
to complete their purchases... If any users had fallen victim to the phishing site, the phishers would have successfully stolen their confidential information for financial gain... The phishing site was hosted on a newly registered domain name, and this new domain name was indexed in several popular search engines and had a very high page ranking. Phishers achieved the boosted page ranking by using common search keywords for the products within the domain name. For example, the domain would look like “common-search-keywords.com”. Thus, if a user searched with these keywords in a search engine, they could end up with the phishing site as a high-ranked result... The phishing page also contained fake trust seals at the bottom of the page
. A legitimate trust seal is a seal provided to Web pages by a third party, typically a software security company, to certify that the website in question is genuine. Clicking on a trust seal will pop up a window provided by the third party, which contains details of the site name and the encryption data used to secure the site...
Internet users are advised to follow best practices to avoid phishing attacks:
• Do not click on suspicious links in email messages.
• Avoid providing any personal information when answering an email.
• Never enter personal information in a pop-up page or screen.
• When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar
• Frequently update your security software..."(Screenshots available at the symantec URL above.)