Phishing on social networking sites
If you’re like most young Kiwis, chances are you have a Bebo or MySpace page. Social networking is the main way that teens around the country are connecting, and from all reports you’re having a great time maximizing the many cool things that these sites can offer. However, we’ve recently heard about an example of phishing on MySpace that might easily trip you up. Even if you’re not a MySpace user, it could just as easily happen on any other website, so read on for an explanation and some tips on avoiding being sucked in.
The lure
A comment is left on your MySpace profile encouraging you to visit a particular profile. Note in the one below that they’re using a lure that some people would find very tempting!

The trick
The URL given leads to a forged MySpace profile that you must log in to view. It all looks very convincing . . .

But if you hovered over the login button, you’d quickly see that the target URL - http://xcppc87i.cn/login.php - in fact looks a bit phishy . . .
You're captured!
When you enter your details in order to log in to see the promised photos, the login.php page dumps your email and password into the phishers’ database and redirects you back to the official MySpace page, telling you that your login has failed. The phishers now have your email address and MySpace password, and you’re none the wiser . . .
What happens to my info now?
Once the scammers have your login and password, they can log into your account and do anything they like to your page. One of the most common reasons why they want your logon information is to post links onto your page (and send out spam to your friends which looks like it is from you); those links install key logging programs onto your computer. Key loggers record information like your internet banking details and your credit card info, and other personal stuff that you type into your page.
So what can I do to protect myself?
One of the most fun things to do on sites like MySpace is following links on people’s profiles to see what sorts of things they’re into. However, scams like the one above are all over the net, and it can be hard to figure out which links are legit and which aren’t. By the time you’ve figured out you’ve been had, it’s probably too late to retrieve whatever details you’ve unwittingly given out. While this can make it tricky to fully protect yourself online, the tips below can go some way towards helping:
- Have a close look at the URL of the link you’re wanting to follow. You can do this by hovering your mouse over the hyperlink (don’t click on it just yet!) and ensuring that the URL matches the description of it given. In the above example, you can see that they’re quite different!
- Wherever possible, try to type the website that you want to visit into the address bar yourself. This doesn’t mean just blindly copying the URL that has been posted on your page; make sure you follow the tip above first and assess whether the link is for real or not.
- While it can be fun, randomly following links isn’t the safest thing to do. Computer viruses can be easily transmitted from following dodgy links, and as you can see in the above example, phishers also regularly use false URLs to obtain your details – sometimes for illegal reasons. Practise the same basic safety browsing the internet that you would when walking down the street; you wouldn’t automatically open every door you pass on the street, so why do it online?
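The hover check from the first tip can also be done in code. The example below is added here and is not part of the original article: it compares the real destination of a link or login button with the site the page claims to be. It goes a little beyond the article's case by also catching lookalike addresses; the expected site name and every sample address except the one quoted above are constructed for illustration.

```javascript
// Added example: does a link or login form really go to the site it claims?
// EXPECTED_SITE is an assumption for this example.
const EXPECTED_SITE = "myspace.com";

// True only if host is the expected domain itself or a subdomain of it.
// A plain "contains" test would be fooled by myspace.com.phish.example.
function hostBelongsTo(host, expectedDomain) {
  const h = host.toLowerCase().replace(/\.$/, ""); // drop a trailing dot
  const d = expectedDomain.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Parse the target the way a browser would and report where it really goes.
function checkDestination(target, expectedDomain = EXPECTED_SITE) {
  let url;
  try {
    url = new URL(target);
  } catch (e) {
    return { ok: false, host: null, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, host: url.hostname, reason: "not a web address" };
  }
  if (!hostBelongsTo(url.hostname, expectedDomain)) {
    return { ok: false, host: url.hostname,
             reason: "goes to " + url.hostname + ", not " + expectedDomain };
  }
  return { ok: true, host: url.hostname, reason: "host matches " + expectedDomain };
}

// The first address is the login target quoted in the article;
// the rest are constructed samples.
const SAMPLES = [
  "http://xcppc87i.cn/login.php",
  "http://myspace.com.phish.example/login.php", // real site's name used as a prefix
  "http://myspace.com@phish.example/",          // real site's name before an "@"
  "https://www.myspace.com/login",
];

function reviewSamples() {
  return SAMPLES.map((s) => ({ target: s, ...checkDestination(s) }));
}

for (const r of reviewSamples()) {
  console.log((r.ok ? "OK      " : "WARNING ") + r.target + " -> " + r.reason);
}
```

Only the part of the address between "//" and the next "/" (and after any "@") decides where your details are sent, which is why the second and third samples fail even though they contain the real site's name.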