Beware of the touching lovers story ! At least, beware of this touching lovers story.

According to Websense, a phish email is being spammed trying to coral users to a fake Youtube website. What's new here is the quality of both the phishing email and the fake website. Both are very convincing and could even fool regular Youtube users.

Once on the fake Youtube website, victims are told they need to download Flash player in order to watch the movie. Again, the message is very similar to the one used by the legitimate Youtube website when Javascript is turned off.

Here, though, trying to download that Flash player will lead to the installation of a keylogger (install_flash_player.exe).

The screenshots below will show how real-looking are those fake email and website :

The initial email message (source : Websense)

Zoom on the link to download the fake codec (source : Websense)