Archive for February 2010

Gone Phishing

Posted: Thursday, February 25, 2010 at 8:30 am
By: Karen Sherman
No Comments | Trackback Bookmark and Share

I have countless passwords for the various sites I use throughout the day.  I can think of seven different ones off the top of my head as I write this post.

Your password(s) should be important to you.  Especially if you do any sort of financial-type work online like Internet banking, investments or trading.  Ebay and Paypal are linked to your bank account, so you wouldn’t want those passwords getting into the wrong hands.

The Internet is a safe place, and so is Sioux Falls!  But this doesn’t mean you can leave the keys in your car.  So why would you give your password out to a stranger?  OK, maybe it’s not as straightforward as that, but there are some simple rules to follow.

A phishing scam has been making its rounds on Twitter lately.  While it may not be a big deal to you if someone hacks your Twitter account to send messages to your followers, what if you use the same password on Twitter as your Internet banking account?  Feeling a little worried now?  You should.  (But don’t be scared; there’s a simple fix and things to watch out for.)

Over the past day or so, I’ve gotten these direct messages through Twitter:

This You? phishing scam

This You? phishing scam

Anyone worried about incriminating photos or stories would be inclined to click the link.  After all, I have to make sure that picture of me eating my co-workers Kit Kat isn’t making its way around the Internet.

Clicking the link brings up a familiar page:

Twitter login page.  Or is it?

Twitter login page. Or is it?

Upon closer inspection, the URL in the address bar reads:  http://twitter.login.kevanshome.org/login/?F4y3P  (The one you see may be slightly different.)

The real Twitter login page:

Official Twitter Login Page

Official Twitter Login Page

Notice the URL reads: http://twitter.com/login

Always check the URL when providing sensitive information

Make sure you’re logging into the correct Web site, whether it’s your Twitter, Facebook or even your bank account.  For an experienced Web developer, it only takes moments to duplicate the look and feel of a Web site you’re used to seeing.

Use different passwords

If you use the same password on all sites, it’s easier to compromise your security.  It may not be a big deal if you lost your Twitter password, but if it’s the same as your banking password, now there’s reason to worry.

Use caution when on unsecured wireless networks

If you’re checking your bank account on an unsecured wireless network, you should know it’s fairly simple for hackers to intercept passwords and other sensitive information while it’s being transmitted.  Secure your wireless network and check the URL for https:// which encrypts the information you send.

The Internet is a valuable resource and a safe place, but you should always take extra precautions when dealing with passwords to your sensitive information.  If you feel your account has been compromised or if others report getting strange messages from you, be sure to change your password as soon as possible.