Thailand’s law enforcement agencies seem to have launched a massive phishing attack against its own citizens to collect email and personal information of anyone trying to access blocked websites.
On 18 June anyone trying to access a blocked website was redirected to tscd.info, a site with logos of a number of government agencies including the ICT Ministry and the technology crime suppression division from which the site gets its name. The site originally had buttons to log in with Microsoft, Google and Facebook social media networks.
Privacy activist group Thai Netizen Network warned that even the close button was in fact just a disguised Facebook login button and warned people not to click it, though this could not be verified as the site was taken down on Friday.
Blocked sites in Thailand include pornography, gambling and even sites critical of US oil and gas interests, not just those of the anti-monarchy movement.
Even TV broadcaster Nattakorn Devakul, son of junta chief financial advisor Pridiyathorn Devakul, apparently fell foul of the phishing and launched a scathing rant on his father’s friends on social media.
A number of anti-virus vendors were contacted but none cared to comment on the matter for this story. Anecdotal evidence suggests that none of the major anti-virus or web safety products detected or blocked the operation.
Neither Microsoft nor Facebook replied to requests for comments by the time of going to press.