Internet security firm Symantec said it recently observed a phishing site featuring British singer and actress Rita Ora.
Hosted on a free Web hosting site, it prompted users for Facebook login credentials, calling the video a ?social plugin?. The phishing page contained an image of a fake YouTube video of Rita in the background.
The title of the video in question described it as an adult video of Rita Ora. A recent event involving an accidental exposure of Rita instigated phishers into devising this bait.
The phishing site gave the impression that users could view the video shown in the background when login credentials are entered. In reality, after login credentials are entered, users are redirected to a legitimate site containing adult images of Rita Ora.
The purpose of redirecting users to a site containing images of the video is to convince them that the login was valid and to avoid suspicion.
If users fall victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes.
Internet users are advised to follow the best practices below to avoid phishing attacks:
? Do not click on suspicious links in email messages
? Do not provide any personal information when answering an email
? Do not enter personal information in a pop-up page or screen
? Ensure the website is encrypted with an SSL certificate by looking for the padlock, ?https?, or the green address bar when entering personal or financial information
? Use comprehensive security software which protects you from phishing scams and social network scams
? Exercise caution when clicking on enticing links sent through email or posted on social networks