Phishers using Aam Aadmi Party and Arvind Kejriwal as bait: Symantec

Cybercriminals have again whipped out another phishing attack, this time using AAM AADMI PARTY as the bait .

By Kul Bhushan Published Date
15 - Apr - 2014
| Last Updated
15 - Apr - 2014
Phishers using Aam Aadmi Party and Arvind Kejriwal as bait: Syman...

If you are an Aam Aadmi Party follower, here's an important update for you – a phishing website that spoofs Facebook's appearances and includes Arvind Kejriwal, former chief minister of Delhi and leader of Aam Aadmi Party, has been spotted.

Symantec, which spotted the website, claims phishers are using the Kejriwal and his party as bait to attract users to submit their login credentials on a fake Facebook page. The phishing site was hosted on servers based in Lansing, Michigan in the US.

The phishing site 'Unite With Us Against Corruption' features a poster of the Aam Aadmi Party along with a fake Facebook “like” button. The site’s background image features a picture of the party’s leader Arvind Kejariwal and his Twitter tagline: “Political revolution in India has begun. Bharat jaldi badlega.”

Fake Facebook “like” button and Arvind Kejariwal's pic on the phishing site

After clicking on the “like” button, users are prompted to enter their Facebook login credentials so that they can “like” the Aam Aadmi party page.

Site prompts users to enter their Facebook login data to “like” the Aam Aadmi party page


According to Symantec, phishers have also put up a misleading log in prompt in the phishing page. And rather mentioning the Aam Aadmi Party, the page tells users to log in their Facebook details to like cute baby pictures.

A login confirmation and the fake “like” button

“Phishers frequently use the same template to host different applications but this time, they forgot to change the reference to cute baby pictures. After the user enters their login credentials, the phishing site redirects the user to an acknowledgment page. The Web page then asks the user to click another “like” button,” points out Symantec in a blog post.

The email address entered in the log in page is again showed on the acknowledgement page. There's a like button that is placed beside a fake number that is supposed to be the amount of likes the party has gained on the social network. As you can see, the button is just dummy and does not perform any function.

Symantec warns if users have entered their personal data, phishers can gain access to confidential information.