Category: phish

Tech Journalist breaks the silence — Journalist got Pwned!!

Paul

It was another ordinary day for this tech journalist. He had just waken up from his lovely dreams and hadn’t realized that he was being baited with Phish. Yes that is correct he actually gave out his password to an Phish site and didn’t know it.

I have to admit that he didn’t hide it, in fact he decided to post about how he got Pwned and what happened.

The Face Of A Facebook Phishing Scam The Face Of A Facebook Phishing Scam
[Click Picture to see the full story]

[ad#ad2-right]As you can see the site : Facebookcom.awardspace.com is a phishing site and should never give out your information to third parties.   Some things to remember if you get an email with a link sometimes won’t send you to the real link.  This can be easily done just like blogging.  You don’t know where you will end up when you click an email link.   One thing to remember is if in doubt log into facebook the old fashion way and see for yourself.

You could be the next person to have your Identity taken away from you.  So what should you do to prevent this type of phishing attacks, assume any email you get from Facebook, Myspace, Twitter, and Any other Social Sites to be a possible phish email.   These are always going to be a problem for these sites.  The spammers want access to be able to spam your friends and family with links, or to make you look foolish.  This is the reason they do it for Money or just for laughs.

One thing to remember is having a strong password will make it that much harder for you to be phished because if you can’t remember it you will be more careful.  I will keep preaching this having a good Firewall and Anti-virus will also prevent you from getting viruses from these type of phishing attacks.  It will also make it much more harder to go to sites that smell like Phish.  Remember only you can keep your identity a secret.

Are you worried about your identity?

Paul

So after the fiasco of the other day, I decided I will talk about security and why you should worry about new websites that you have never heard of.   People are not worrying about there identity and keeping there identity safe.   You see whenever someone signs up to a service without thinking about their password being stored or even used maliciously.   You see when most people don’t use more than one or two passwords for all there accounts and then you use the same password with a new website.  Are you asking for your identity to be stolen?  In one of my previous blog posts I talked about not having any privacy on the internet.

So How can you protect your privacy?

When ever I come across a site that I don’t know about and I want to protect my account from being compromised I find out what I can from several places:

  1. [ad#ad2-right]Google — Yes this is quite common to use to find out about what people are saying asking the keywords like is it a scam or what people are saying about the site?  This can be very useful to make sure I don’t get scammed by a company for instants the Nationwide marketing scam.  Although this is really important when you get things that sound questionable.  This can be very useful with regards to keep your wallet safe.

  2. Whois Network — If there is a site you’ve not heard about and have a question about it you can always do a whois lookup.   This is a great resource for finding out how long the site has been up and who owns it?  The problem with this is most people who have a website aren’t worried about security and privacy.   So you make sure this site isn’t a phish site or to make sure the site isn’t being used improperly.

  3. Sitetiki —  a good site to do some research.   It’s a wiki like Wikipedia but for websites and if they are good or bad.  It also has a spammer list for people to watch and make sure not to go to.  These sites are usually redirect spam sites uses for email.

What about Personal privacy?

With this I also want to talk about security online to prevent people from gaining access to your accounts online by guessing the password.  Some sites also like to phish for your account information and use the information gained to take control over your account so here are some useful links to help protect your account information:

  • [ad#cricket-right-ez]Roboform — This is good for generating a really good random password and remembering it.  This will keep people from guessing the password and also make it easy to come up with another good password.  This will also fill out the required site forms that usually use to sign into website.

  • A good VPN Service —  If your like me and you have to use free wifi from time to time and want to make sure you have privacy on the net.  This is good for security on any open wifi network and you don’t want to have anyone watch you while your browse online.  In case someone is interested what VPN’s are used for here is the link to let people understand it better.

  • Perfect Paper Passwords — This is coming from Security now Episode 115 and he talks about this to better help people make the best possible passwords.  Listen to it and it will help you understand more about security.

These are just a few ways to prevent people from gaining access to an account.   After doing some research on this and thinking about this in bigger detail.   I would like to make a public apologies about the fiasco yesterday and what happened.  In all truthfulness everything didn’t seem right with the doings of the going on with website.   I also was worried about the twitter spam it was sending out as you started the service.   I didn’t know until later that it was a real person trying to make a product twitter users could really use.   I have learned from my experience and I will work harder next time and not be so quick to act next time.   If I was the company that bought that site, I’d also offer a job to both of them for being intuitiveness on coming up with a really good product.

What’s with Google trends?

Paul

Having been going to the Google Trends and keeping watching.  I am starting to wonder something?  Take a look at this and you tell me?

Oct 20,2008 Google Trends

[ad]Can you see how someone might use this to create a Goog-411 and use it to promote there website? It is all about the hits and getting what publishers like to say the eyes on a website. Now is that going to confuse people or make people not want to come to a site.  So how would people abuse this?

Very Simple, they’d watch what is trending and post accordingly.  Now you as a reader would click on the website expecting to see what you want to see but instead it would popup with advertisements and maybe malware?  Check these links to better understand it:

[ad]
Now even though these are just a few.  You can see how someone might want to abuse it and get there site up on Google trends and be able to infect several to even millions of computers before Google sees that or stops.  You could in theory take over a website high in Google rankings and do exactly that.

Then I have to ask myself, why would hackers want to do it in the first? One they’d be able to direct people to sites that they could use to phish your information, or maybe make money by you going to these sites. It is all about money, I don’t say that lightly, but it seems to always be true.

So what is Google doing to prevent this? is it right to use Google for your advantage? Do we need it for anything other than to see what people are looking at? Is that a form of them tracking your every click.

[ad]
Are you comfortable with them keeping the list of what people searched for last year? if you don’t believe me, go check it out yourself. These are important questions to answer and should be explored.