The Security Operations Center here at PhishLabs reviews thousands of phishing sites every month. In recent months we’ve seen phishing sites targeting fast food restaurants like McDonald’s, airlines, online games, realtors and department stores. Just when we thought we had seen it all, we found a phishing site spoofing the Independent Corrupt Practices and Other Related Offences Commission of Nigeria.
In this case, a WordPress blog was hacked, probably through the recent TimThumb vulnerability, which has been massively exploited by phishers, to upload the following phishing site:
In this case, the legitimate website page has been altered to prompt for an email address and password. Apparently the scammers are simply stealing email credentials for future spam and phishing scams.
PhishLabs has reported the phishing site to the web hosting company involved.